From cvs at cvs.gnupg.org Sun Nov 2 16:42:29 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 02 Nov 2014 16:42:29 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta895-18-gd95f05c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via d95f05c314adfecbe0af9073f964030010442f9b (commit) via 440e8f517008107a9fe1b72cb659b97b7d840de6 (commit) via a929f36693567e57eca89fb48f23cada8ce7291a (commit) from 794a687be0855a71d48793986a90ea1d8695e286 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d95f05c314adfecbe0af9073f964030010442f9b Author: Werner Koch Date: Sun Nov 2 16:36:40 2014 +0100 gpg: Fix endless loop in keylisting with fingerprint. * g10/getkey.c (getkey_next): Disable cache. -- Signed-off-by: Werner Koch diff --git a/g10/getkey.c b/g10/getkey.c index fe183fa..4a4dd55 100644 --- a/g10/getkey.c +++ b/g10/getkey.c 
@@ -1232,6 +1232,12 @@ getkey_next (getkey_ctx_t ctx, PKT_public_key *pk, kbnode_t *ret_keyblock) { int rc; /* Fixme: Make sure this is proper gpg_error */ + /* We need to disable the caching so that for an exact key search we + won't get the result back from the cache and thus end up in an + endless loop. Disabling this here is sufficient because although + the result has been cached, if won't be used then. */ + keydb_disable_caching (ctx->kr_handle); + rc = lookup (ctx, ret_keyblock, ctx->want_secret); if (!rc && pk && ret_keyblock) pk_from_block (ctx, pk, *ret_keyblock); commit 440e8f517008107a9fe1b72cb659b97b7d840de6 Author: Werner Koch Date: Sun Nov 2 16:31:30 2014 +0100 gpg: Minor cleanup for key listing related code. * g10/getkey.c (get_pubkey_next): Divert to getkey_next. (get_pubkey_end): Move code to getkey_end. * g10/keydb.c (keydb_search_reset): Add a debug statement. (dump_search_desc): Add arg HD and print the handle. Signed-off-by: Werner Koch diff --git a/g10/getkey.c b/g10/getkey.c index 279b3d9..fe183fa 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -928,26 +928,13 @@ get_pubkey_bynames (GETKEY_CTX * retctx, PKT_public_key * pk, int get_pubkey_next (GETKEY_CTX ctx, PKT_public_key * pk, KBNODE * ret_keyblock) { - int rc; - - rc = lookup (ctx, ret_keyblock, 0); - if (!rc && pk && ret_keyblock) - pk_from_block (ctx, pk, *ret_keyblock); - - return rc; + return gpg_err_code (getkey_next (ctx, pk, ret_keyblock)); } void get_pubkey_end (GETKEY_CTX ctx) { - if (ctx) - { - memset (&ctx->kbpos, 0, sizeof ctx->kbpos); - keydb_release (ctx->kr_handle); - free_strlist (ctx->extra_list); - if (!ctx->not_allocated) - xfree (ctx); - } + getkey_end (ctx); } 
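Review bot: The last sentence of the new comment in getkey_next has a typo that obscures the reasoning, "if won't be used then" should read "it won't be used then". Since the comment is the only record of why the cache is bypassed here, I would reword the ending as `Disabling this here is sufficient: the first result may already be cached, but the cache is not consulted once the flag is set.` The body of getkey_next continues outside the hunk.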
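Review bot: Routing get_pubkey_next through getkey_next changes which lookup is performed: the removed body called `lookup (ctx, ret_keyblock, 0)`, while getkey_next, as shown in the other getkey.c hunk on this page, calls `lookup (ctx, ret_keyblock, ctx->want_secret)`. For any context created with want_secret set, the public-key iterator would now follow the secret-key path. If every caller of get_pubkey_next is known to use a context with want_secret clear, say so in a comment above the wrapper, e.g. `/* CTX must come from a public-key lookup; want_secret is taken from CTX. */`. Otherwise keep the explicit 0.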
@@ -1257,7 +1244,14 @@ getkey_next (getkey_ctx_t ctx, PKT_public_key *pk, kbnode_t *ret_keyblock) void getkey_end (getkey_ctx_t ctx) { - get_pubkey_end (ctx); + if (ctx) + { + memset (&ctx->kbpos, 0, sizeof ctx->kbpos); + keydb_release (ctx->kr_handle); + free_strlist (ctx->extra_list); + if (!ctx->not_allocated) + xfree (ctx); + } } diff --git a/g10/keydb.c b/g10/keydb.c index a2cab18..bafae18 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -603,8 +603,8 @@ keydb_release (KEYDB_HANDLE hd) /* Set a flag on handle to not use cached results. This is required - for updating a keyring. Fixme: Using a new parameter for keydb_new - might be a better solution. */ + for updating a keyring and for key listins. Fixme: Using a new + parameter for keydb_new might be a better solution. */ void keydb_disable_caching (KEYDB_HANDLE hd) { @@ -1328,6 +1328,9 @@ keydb_search_reset (KEYDB_HANDLE hd) if (DBG_CLOCK) log_clock ("keydb_search_reset"); + if (DBG_CACHE) + log_debug ("keydb_search: reset (hd=%p)", hd); + hd->skipped_long_blobs = 0; hd->current = 0; hd->found = -1; @@ -1351,7 +1354,8 @@ keydb_search_reset (KEYDB_HANDLE hd) static void -dump_search_desc (const char *text, KEYDB_SEARCH_DESC *desc, size_t ndesc) +dump_search_desc (KEYDB_HANDLE hd, const char *text, + KEYDB_SEARCH_DESC *desc, size_t ndesc) { int n; const char *s; @@ -1382,7 +1386,7 @@ dump_search_desc (const char *text, KEYDB_SEARCH_DESC *desc, size_t ndesc) default: s = "?"; break; } if (!n) - log_debug ("%s: mode=%s", text, s); + log_debug ("%s: mode=%s (hd=%p)", text, s, hd); else log_debug ("%*s mode=%s", (int)strlen (text), "", s); if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID) 
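Review bot: The updated comment above keydb_disable_caching has a typo, "key listins" should be "key listings". The sentence now documents a second reason for the flag, so it is worth getting right: `This is required for updating a keyring and for key listings.`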
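Review bot: The new `log_debug ("keydb_search: reset (hd=%p)", hd);` in keydb_search_reset passes a KEYDB_HANDLE straight to `%p`, which is specified for `void *` only. The added `(hd=%p)` in dump_search_desc has the same form. Cast at the call sites, e.g. `log_debug ("keydb_search: reset (hd=%p)", (void *)hd);`. Both functions continue outside their hunks.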
@@ -1418,7 +1422,7 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, log_clock ("keydb_search enter"); if (DBG_CACHE) - dump_search_desc ("keydb_search", desc, ndesc); + dump_search_desc (hd, "keydb_search", desc, ndesc); if (!hd->no_caching && ndesc == 1 commit a929f36693567e57eca89fb48f23cada8ce7291a Author: Werner Koch Date: Sun Nov 2 15:43:52 2014 +0100 gpg: Do not show an useless passphrase prompt in batch mode. * g10/keygen.c: Remove unused PASSPHRASE related code. (proc_parameter_file): Remove useless asking for a passphrase in batch mode. -- Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index e894f5c..cfd46a6 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -3312,12 +3312,18 @@ control statements must be given. For GnuPG 2.1 and later @item %ask-passphrase @itemx %no-ask-passphrase + at ifclear gpgtwoone Enable (or disable) a mode where the command @option{passphrase} is ignored and instead the usual passphrase dialog is used. This does not make sense for batch key generation; however the unattended key generation feature is also used by GUIs and this feature relinquishes the GUI from implementing its own passphrase entry code. These are global control statements and affect all future key genrations. + at end ifclear + at ifset gpgtwoone +This option is a no-op for GnuPG 2.1 and later. + at end ifset + @item %no-protection Since GnuPG version 2.1 it is not anymore possible to specify a diff --git a/g10/keygen.c b/g10/keygen.c index e25ecc3..7aff438 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -83,8 +83,6 @@ enum para_name { pKEYEXPIRE, /* in n seconds */ pSUBKEYEXPIRE, /* in n seconds */ pPASSPHRASE, - pPASSPHRASE_DEK, - pPASSPHRASE_S2K, pSERIALNO, pCARDBACKUPKEY, pHANDLE, @@ -96,8 +94,6 @@ struct para_data_s { int lnr; enum para_name key; union { - DEK *dek; - STRING2KEY *s2k; u32 expire; u32 creation; unsigned int usage; 
@@ -110,7 +106,6 @@ struct output_control_s { int lnr; int dryrun; - int ask_passphrase; unsigned int keygen_flags; int use_files; struct { @@ -2676,6 +2671,7 @@ ask_user_id (int mode, int full, KBNODE keyblock) /* MODE 0 - standard 1 - Ask for passphrase of the card backup key. */ +#if 0 static DEK * do_ask_passphrase (STRING2KEY **ret_s2k, int mode, int *r_canceled) { @@ -2720,6 +2716,7 @@ do_ask_passphrase (STRING2KEY **ret_s2k, int mode, int *r_canceled) *ret_s2k = s2k; return dek; } +#endif /* 0 */ /* Basic key generation. Here we divert to the actual generation @@ -2795,11 +2792,6 @@ release_parameter_list (struct para_data_s *r) for (; r ; r = r2) { r2 = r->next; - if (r->key == pPASSPHRASE_DEK) - xfree (r->u.dek); - else if (r->key == pPASSPHRASE_S2K ) - xfree (r->u.s2k); - xfree (r); } } 
@@ -3123,72 +3115,6 @@ proc_parameter_file( struct para_data_s *para, const char *fname, if (parse_revocation_key (fname, para, pREVOKER)) return -1; - /* Make DEK and S2K from the Passphrase. */ - if (outctrl->ask_passphrase) - { - /* %ask-passphrase is active - ignore pPASSPRASE and ask. This - feature is required so that GUIs are able to do a key - creation but have gpg-agent ask for the passphrase. */ - int canceled = 0; - STRING2KEY *s2k; - DEK *dek; - - dek = do_ask_passphrase (&s2k, 0, &canceled); - if (dek) - { - r = xmalloc_clear( sizeof *r ); - r->key = pPASSPHRASE_DEK; - r->u.dek = dek; - append_to_parameter (para, r); - r = xmalloc_clear( sizeof *r ); - r->key = pPASSPHRASE_S2K; - r->u.s2k = s2k; - append_to_parameter (para, r); - } - - if (canceled) - { - log_error ("%s:%d: key generation canceled\n", fname, r->lnr ); - return -1; - } - } - else - { - r = get_parameter( para, pPASSPHRASE ); - if ( r && *r->u.value ) - { - /* We have a plain text passphrase - create a DEK from it. - * It is a little bit ridiculous to keep it in secure memory - * but because we do this always, why not here. */ - STRING2KEY *s2k; - DEK *dek; - - s2k = xmalloc ( sizeof *s2k ); - s2k->mode = opt.s2k_mode; - s2k->hash_algo = S2K_DIGEST_ALGO; - set_next_passphrase ( r->u.value ); - dek = passphrase_to_dek (NULL, 0, opt.s2k_cipher_algo, s2k, 2, - NULL, NULL); - if (!dek) - { - log_error ("%s:%d: error post processing the passphrase\n", - fname, r->lnr ); - xfree (s2k); - return -1; - } - set_next_passphrase (NULL); - memset (r->u.value, 0, strlen(r->u.value)); - - r = xmalloc_clear (sizeof *r); - r->key = pPASSPHRASE_S2K; - r->u.s2k = s2k; - append_to_parameter (para, r); - r = xmalloc_clear (sizeof *r); - r->key = pPASSPHRASE_DEK; - r->u.dek = dek; - append_to_parameter (para, r); - } - } /* Make KEYCREATIONDATE from Creation-Date. */ r = get_parameter (para, pCREATIONDATE); 
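Review bot: The deleted block in proc_parameter_file held the only wipe of the plaintext Passphrase value that is visible in this diff, `memset (r->u.value, 0, strlen(r->u.value));`, and nothing on the new side replaces it. pPASSPHRASE stays in the enum, so the parameter list presumably still carries the passphrase until release_parameter_list, which after this commit does a bare `xfree (r)`. Unless the value is cleared somewhere outside these hunks, wipe it when the list is released, e.g. `if (r->key == pPASSPHRASE && *r->u.value) wipememory (r->u.value, strlen (r->u.value));` just before the `xfree (r)`. proc_parameter_file starts and ends outside this hunk.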
@@ -3324,9 +3250,9 @@ read_parameter_file( const char *fname ) else if( !ascii_strcasecmp( keyword, "%dry-run" ) ) outctrl.dryrun = 1; else if( !ascii_strcasecmp( keyword, "%ask-passphrase" ) ) - outctrl.ask_passphrase = 1; + ; /* Dummy for backward compatibility. */ else if( !ascii_strcasecmp( keyword, "%no-ask-passphrase" ) ) - outctrl.ask_passphrase = 0; + ; /* Dummy for backward compatibility. */ else if( !ascii_strcasecmp( keyword, "%no-protection" ) ) outctrl.keygen_flags |= KEYGEN_FLAG_NO_PROTECTION; else if( !ascii_strcasecmp( keyword, "%transient-key" ) ) ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 6 +++++ g10/getkey.c | 32 +++++++++++------------ g10/keydb.c | 14 ++++++---- g10/keygen.c | 82 +++------------------------------------------------------- 4 files changed, 35 insertions(+), 99 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sun Nov 2 18:19:45 2014 
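Review bot: `%ask-passphrase` and `%no-ask-passphrase` are now accepted and discarded by a bare `;` in read_parameter_file, so a parameter file that relied on the keyword to force the passphrase dialog gets no diagnostic that the request was ignored. I would merge the two branches and emit one informational line, for example `log_info ("%s: keyword '%s' is obsolete and ignored\n", fname, keyword);`. That keeps backward compatibility while making the changed protection behaviour visible in unattended runs. The keyword chain continues outside the hunk.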
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 02 Nov 2014 18:19:45 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta895-19-gf8c993f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f8c993fbe28bf02f1d7aadec823a9dfc935398fa (commit) from d95f05c314adfecbe0af9073f964030010442f9b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f8c993fbe28bf02f1d7aadec823a9dfc935398fa Author: Werner Koch Date: Sun Nov 2 17:51:30 2014 +0100 gpg: Avoid extra pinentries for each subkey in --export-secret-keys. * agent/command.c (cmd_export_key): Actually implement the cache_nonce feature. * g10/export.c (do_export_stream): Make use of a cache_nonce. Signed-off-by: Werner Koch diff --git a/agent/command.c b/agent/command.c index 8c68498..7f8759d 100644 --- a/agent/command.c +++ b/agent/command.c @@ -2127,16 +2127,19 @@ cmd_export_key (assuan_context_t ctx, char *line) char *cache_nonce; char *passphrase = NULL; unsigned char *shadow_info = NULL; + char *pend; + int c; openpgp = has_option (line, "--openpgp"); cache_nonce = option_value (line, "--cache-nonce"); if (cache_nonce) { - for (; *line && !spacep (line); line++) + for (pend = cache_nonce; *pend && !spacep (pend); pend++) ; - if (*line) - *line++ = '\0'; + c = *pend; + *pend = '\0'; cache_nonce = xtrystrdup (cache_nonce); + *pend = c; if (!cache_nonce) { err = gpg_error_from_syserror (); 
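Review bot: The save-and-restore of `*pend` in cmd_export_key is not explained, and a later reader could take the write into LINE for a leftover. I would add a comment above the loop such as `/* Terminate the nonce at the first blank only for the strdup; LINE is restored right after. */`. The hunk also shows that the token is copied at whatever length the client sent, so if the nonce is expected to have a fixed form this is the place to reject anything else. The function continues outside the hunk.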
@@ -2163,7 +2166,8 @@ cmd_export_key (assuan_context_t ctx, char *line) /* Get the key from the file. With the openpgp flag we also ask for the passphrase so that we can use it to re-encrypt it. */ - err = agent_key_from_file (ctrl, NULL, ctrl->server_local->keydesc, grip, + err = agent_key_from_file (ctrl, cache_nonce, + ctrl->server_local->keydesc, grip, &shadow_info, CACHE_MODE_IGNORE, NULL, &s_skey, openpgp ? &passphrase : NULL); if (err) @@ -2190,6 +2194,24 @@ cmd_export_key (assuan_context_t ctx, char *line) goto leave; } err = convert_to_openpgp (ctrl, s_skey, passphrase, &key, &keylen); + if (!err && passphrase) + { + if (!cache_nonce) + { + char buf[12]; + gcry_create_nonce (buf, 12); + cache_nonce = bin2hex (buf, 12, NULL); + } + if (cache_nonce + && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE, + passphrase, CACHE_TTL_NONCE)) + { + assuan_write_status (ctx, "CACHE_NONCE", cache_nonce); + xfree (ctrl->server_local->last_cache_nonce); + ctrl->server_local->last_cache_nonce = cache_nonce; + cache_nonce = NULL; + } + } } else { diff --git a/g10/call-agent.c b/g10/call-agent.c index cadc02c..bacb9d5 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -2152,8 +2152,10 @@ agent_import_key (ctrl_t ctrl, const char *desc, char **cache_nonce_addr, /* Receive a secret key from the agent. HEXKEYGRIP is the hexified keygrip, DESC a prompt to be displayed with the agent's passphrase - question (needs to be plus+percent escaped). On success the key is - stored as a canonical S-expression at R_RESULT and R_RESULTLEN. */ + question (needs to be plus+percent escaped). If CACHE_NONCE_ADDR + is not NULL the agent is advised to first try a passphrase + associated with that nonce. On success the key is stored as a + canonical S-expression at R_RESULT and R_RESULTLEN. */ gpg_error_t agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc, char **cache_nonce_addr, diff --git a/g10/export.c b/g10/export.c index b4f1a2e..a92eace 100644 --- a/g10/export.c 
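Review bot: In the block added after convert_to_openpgp the result of `assuan_write_status (ctx, "CACHE_NONCE", cache_nonce);` is dropped. If the status line cannot be sent, the passphrase stays cached for CACHE_TTL_NONCE under a nonce the client never learns. Consider capturing the return value and not keeping the entry on failure. Separately, the literal 12 appears three times, and `gcry_create_nonce (buf, sizeof buf); cache_nonce = bin2hex (buf, sizeof buf, NULL);` keeps the buffer size and the calls in step. The `leave:` path is outside the hunk, so whether cache_nonce is freed when agent_put_cache fails cannot be checked here.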
+++ b/g10/export.c @@ -777,6 +777,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, strlist_t sl; int indent = 0; gcry_cipher_hd_t cipherhd = NULL; + char *cache_nonce = NULL; *any = 0; init_packet (&pkt); @@ -914,6 +915,8 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, clean_key (keyblock, opt.verbose, (options&EXPORT_MINIMAL), NULL, NULL); /* And write it. */ + xfree (cache_nonce); + cache_nonce = NULL; for (kbctx=NULL; (node = walk_kbnode (keyblock, &kbctx, 0)); ) { if (skip_until_subkey) @@ -1124,7 +1127,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, { char *prompt = gpg_format_keydesc (pk, FORMAT_KEYDESC_EXPORT,1); - err = agent_export_key (ctrl, hexgrip, prompt, NULL, + err = agent_export_key (ctrl, hexgrip, prompt, &cache_nonce, &wrappedkey, &wrappedkeylen); xfree (prompt); } @@ -1246,6 +1249,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, keydb_release (kdbhd); if (err || !keyblock_out) release_kbnode( keyblock ); + xfree (cache_nonce); if( !*any ) log_info(_("WARNING: nothing exported\n")); return err; ----------------------------------------------------------------------- Summary of changes: agent/command.c | 30 ++++++++++++++++++++++++++---- g10/call-agent.c | 6 ++++-- g10/export.c | 6 +++++- 3 files changed, 35 insertions(+), 7 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sun Nov 2 19:19:03 2014 
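Review bot: The `xfree (cache_nonce); cache_nonce = NULL;` added before the walk_kbnode loop in do_export_stream sits under the existing `/* And write it. */` comment, which does not describe it. The reset is what limits a cached passphrase to the subkeys of one keyblock, which looks like the intent, so it deserves its own line: `/* Start each keyblock without a nonce so that a passphrase cached for the previous key is not tried for this one. */`. The loop body and the function's error paths lie outside the hunk.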
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 02 Nov 2014 19:19:03 +0100 Subject: [git] GpgEX - branch, master, updated. gpgex-1.0.1-2-gb62f4a3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnupG extension for the Windows Explorer". The branch, master has been updated via b62f4a371ac804ab40c2c5ed0cd5e1d9900add4f (commit) from 8c86f33c130c42a9711a17fc8f9c84192ca85bae (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b62f4a371ac804ab40c2c5ed0cd5e1d9900add4f Author: Werner Koch Date: Sun Nov 2 19:16:37 2014 +0100 po: Add Polish translation. -- diff --git a/AUTHORS b/AUTHORS index bca10af..fe7a90d 100644 --- a/AUTHORS +++ b/AUTHORS @@ -7,13 +7,16 @@ g10 Code GmbH New code and package maintainer. ???? ????? - Arabic translations. + Arabic translations. Diego Escalante Urrelo - Spanish translations. + Spanish translations. Sergei Smirnov - Russian translations. + Russian translations. Marco A.G.Pinto Portuguese translations. + +Tomasz Krawczyk + Polish translation diff --git a/NEWS b/NEWS index 94295ed..10a65a2 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,8 @@ Noteworthy changes for version 1.0.2 (unreleased) ------------------------------------------------- +* Added Polish translation. + Noteworthy changes for version 1.0.1 (2014-07-30) ------------------------------------------------- diff --git a/po/LINGUAS b/po/LINGUAS index 713ea71..3201b69 100644 --- a/po/LINGUAS +++ b/po/LINGUAS @@ -1,2 +1,2 @@ # Set of available languages. -de ar es pt ru +de ar es pl pt ru diff --git a/po/pl.po b/po/pl.po new file mode 100644 index 0000000..ac88925 --- /dev/null +++ b/po/pl.po 
@@ -0,0 +1,129 @@ +# Polish translations for gpgex package. +# Copyright (C) 2007 g10 Code GmbH +# This file is distributed under the same license as the gpgex package. +# Marcus Brinkmann , 2007. +# +msgid "" +msgstr "" +"Project-Id-Version: gpgex 1.0.0\n" +"Report-Msgid-Bugs-To: http://bugs.gnupg.org\n" +"PO-Revision-Date: 2014-10-19 10:25+0100\n" +"Last-Translator: Tomasz Krawczyk \n" +"Language-Team: Polish\n" +"Language: pl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Poedit 1.6.10\n" + +#, c-format +msgid "" +"Can not connect to the GnuPG user interface%s%s%s:\r\n" +"%s" +msgstr "" +"Nie mo?na po??czy? si? z interfejsem u?ytkownika GnuPG%s%s%s:\r\n" +"%s" + +#, c-format +msgid "" +"Error returned by the GnuPG user interface%s%s%s:\r\n" +"%s" +msgstr "" +"B??d zwr?cony przez interfejs u?ytkownika GnuPG%s%s%s:\\r\n" +"%s" + +msgid "Help on GpgEX" +msgstr "Pomoc do GpgEX" + +msgid "About GpgEX" +msgstr "O GpgEX" + +msgid "Decrypt and verify" +msgstr "Rozszyfruj i zweryfikuj" + +msgid "Decrypt" +msgstr "Rozszyfruj" + +msgid "Verify" +msgstr "Weryfikuj" + +msgid "Sign and encrypt" +msgstr "Podpisz i zaszyfruj" + +msgid "Encrypt" +msgstr "Zaszyfruj" + +msgid "Sign" +msgstr "Podpisz" + +msgid "Import keys" +msgstr "Importuj klucze" + +msgid "Create checksums" +msgstr "Utw?rz sumy kontrolne" + +msgid "Verify checksums" +msgstr "Zweryfikuj sumy kontrolne" + +msgid "More GpgEX options" +msgstr "Wi?cej opcji GpgEX" + +msgid "Invoke the GpgEX documentation." +msgstr "Otw?rz dokumentacj? GpgEX." + +msgid "Show the version of GpgEX." +msgstr "Poka? wersj? GpgEX." + +msgid "Decrypt and verify the marked files." +msgstr "Rozszyfruj i zweryfikuj zaznaczone pliki." + +msgid "Decrypt the marked files." +msgstr "Rozszyfruj zaznaczone pliki." + +msgid "Verify the marked files." +msgstr "Zweryfikuj zaznaczone pliki." 
+ +msgid "Sign and encrypt the marked files." +msgstr "Podpisz i zaszyfruj zaznaczone pliki." + +msgid "Encrypt the marked files." +msgstr "Zaszyfruj zaznaczone pliki." + +msgid "Sign the marked files." +msgstr "Podpisz zaznaczone pliki." + +msgid "Import the marked files." +msgstr "Importuj zaznaczone pliki." + +msgid "Create checksums." +msgstr "Utw?rz sumy kontrolne." + +msgid "Verify checksums." +msgstr "Zweryfikuj sumy kontrolne." + +msgid "Show more GpgEX options." +msgstr "Poka? wi?cej opcji GpgEX." + +#. TRANSLATORS: See the source for the full english text. +msgid "-#GpgEXFullHelpText#-" +msgstr "" +"GpgEX jest pluginem do Exploatora Windows do szyfrowania i podpisywania\n" +"danych. U?ywa oprogramowania GnuPG (http://www.gnupg.org).\n" +"\n" +"GpgEX jest oprogramowaniem darmowym; mo?esz je redystrybuowa? i/lub\n" +"modyfikowa? na warunkach GNU Lesser General Public License \n" +"i publikowanej przez Free Software Foundation; zar?wno\n" +"wersji 2.1 jak i (twoja opcja) jak?kolwiek nowsz? wersj?.\n" +"\n" +"GpgEX jest dystrybuowany w nadziei, ?e b?dzie u?yteczny, ale\n" +"BEZ ?ADNEJ GWARANCJI; nawet bez po?redniej gwarancji\n" +"RYNKOWO?CI lub PRZYDATNO?CI DLA SZCZEG?LNEGO CELU.\n" +"Wi?cej szczeg???w w GNU Lesser General Pulbic License.\n" +"\n" +"Powiniene? otrzyma? kopi? GNU Lesser General Public License\n" +"wraz z tym programem; je?li nie, zobacz ." + +#, c-format +msgid "This is GpgEX version %s (%s)" +msgstr "To jest GpgEX wersja %s (%s)" ----------------------------------------------------------------------- Summary of changes: AUTHORS | 9 +++-- NEWS | 2 + po/LINGUAS | 2 +- po/pl.po | 129 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 138 insertions(+), 4 deletions(-) create mode 100644 po/pl.po hooks/post-receive -- GnupG extension for the Windows Explorer http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 3 11:05:00 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 03 Nov 2014 11:05:00 +0100 Subject: [git] GpgEX - branch, master, updated. gpgex-1.0.1-4-g0b77490 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnupG extension for the Windows Explorer". The branch, master has been updated via 0b7749092debfca4751e46e8149ff31faa707b82 (commit) via f8898a3527631eca8becba00f9a118a207b851a5 (commit) from b62f4a371ac804ab40c2c5ed0cd5e1d9900add4f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0b7749092debfca4751e46e8149ff31faa707b82 Author: Werner Koch Date: Mon Nov 3 11:04:45 2014 +0100 Really send the window-id to the server. * src/client.cc (send_options): Fix test for 64 bit HWND. diff --git a/README b/README index 99b5ebd..321f070 100644 --- a/README +++ b/README @@ -16,6 +16,8 @@ HKLM\Software\GNU\GnuPG:UI Server The path to the executable binary of the UI server, relative to INSTDIR. Absolute paths are currently not supported. It defaults to the empty sting, so that the UI server is expected in INSTDIR. + If the configure option --enable-gpa-only is used these registry + entries have no effect. HKCU\Software\GNU\GnuPG:HomeDir HKLM\Software\GNU\GnuPG:HomeDir diff --git a/src/client.cc b/src/client.cc index 7472fd2..6aaa0f6 100644 --- a/src/client.cc +++ b/src/client.cc 
@@ -304,7 +304,7 @@ send_options (assuan_context_t ctx, HWND hwnd, pid_t *r_pid) window-id. */ uintptr_t tmp = (uintptr_t)hwnd; - if (tmp & ~0xffffffff) + if (!(tmp & ~0xffffffff)) { /* HWND fits into 32 bit - send it. */ snprintf (numbuf, sizeof (numbuf), "%lx", (unsigned long)tmp); commit f8898a3527631eca8becba00f9a118a207b851a5 Author: Werner Koch Date: Sun Nov 2 20:23:15 2014 +0100 Add configure option to use only gpa as UI-server. * configure.ac: Add option --enable-gpa-only * src/client.cc (default_uiserver_cmdline) [ENABLE_GPA_ONLY]: Try only GPA as UI-server. -- We also make sure to start a gpa below the bin directory. Using this option also ignores any registry setting for the UI-server. diff --git a/configure.ac b/configure.ac index 9c43ba1..10f51ac 100644 --- a/configure.ac +++ b/configure.ac @@ -153,6 +153,17 @@ fi AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes) AM_CONDITIONAL(HAVE_W64_SYSTEM, test "$have_w64_system" = yes) +gpa_only=no +AC_ARG_ENABLE(gpa-only, + AC_HELP_STRING([--enable-gpa-only], + [Try only GPA as UI-server]), + gpa_only=$enableval) +AC_MSG_RESULT($gpa_only) +if test "$gpa_only" = yes ; then + AC_DEFINE(ENABLE_GPA_ONLY, 1, + [Define to use only GPA as UI-server]) +fi + # # Checks for libraries. diff --git a/src/client.cc b/src/client.cc index 6868835..7472fd2 100644 --- a/src/client.cc +++ b/src/client.cc @@ -86,6 +86,27 @@ default_uiserver_cmdline (void) static char *name; if (!name) +#if ENABLE_GPA_ONLY + { + const char gpaserver[] = "bin\\launch-gpa.exe"; + const char *dir; + char *p; + + dir = gpgex_server::root_dir; + if (!dir) + return NULL; + + name = (char*)malloc (strlen (dir) + strlen (gpaserver) + 9 + 2); + if (!name) + return NULL; + strcpy (stpcpy (stpcpy (name, dir), "\\"), gpaserver); + for (p = name; *p; p++) + if (*p == '/') + *p = '\\'; + strcat (name, " --daemon"); + gpgex_server::ui_server = "GPA"; + } +#else /*!ENABLE_GPA_ONLY*/ { const char *dir; char *uiserver, *p; 
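Review bot: `~0xffffffff` in the corrected test is evaluated in the type of the literal, which is a 32-bit `unsigned int` on the Windows targets, so the mask is 0 and `!(tmp & ~0xffffffff)` is true for every HWND. A handle with bits set above bit 31 would then be truncated by the `(unsigned long)tmp` cast and sent to the UI server as a different window id. Widen the mask before inverting it, `if (!(tmp & ~(uintptr_t)0xffffffff))`, or compare directly with `if (tmp <= 0xffffffffu)`. send_options continues outside the hunk.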
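Review bot: The ENABLE_GPA_ONLY branch of default_uiserver_cmdline builds the command line as root_dir + `\bin\launch-gpa.exe --daemon` with no quoting around the executable path. If root_dir contains a space, as default Windows install locations commonly do, the string is ambiguous to whatever splits it into program and arguments, and a different executable earlier on the path could be picked up. I would wrap the path in double quotes, growing the allocation by two bytes, and replace the bare `9 + 2` with named lengths so the size cannot drift from the strings. How `name` is consumed is outside the hunk, so confirm that the launcher honours quotes.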
@@ -149,6 +170,7 @@ default_uiserver_cmdline (void) else gpgex_server::ui_server = NULL; } +#endif /*!ENABLE_GPA_ONLY*/ return name; } ----------------------------------------------------------------------- Summary of changes: README | 2 ++ configure.ac | 11 +++++++++++ src/client.cc | 24 +++++++++++++++++++++++- 3 files changed, 36 insertions(+), 1 deletion(-) hooks/post-receive -- GnupG extension for the Windows Explorer http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 3 11:27:27 2014 From: cvs at cvs.gnupg.org (by David Prévot) Date: Mon, 03 Nov 2014 11:27:27 +0100 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.17-6-gfad70c6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via fad70c63f9b376865d72d685c71cef4dfdd9e3c2 (commit) via a186f35d05575d6d653e5bebb2dd169d9444af18 (commit) from 57f94a95bfd54bf331c66280a51abd5feeca2799 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fad70c63f9b376865d72d685c71cef4dfdd9e3c2 Author: David Pr?vot Date: Sun Nov 2 23:24:56 2014 -0400 po: Update French transaltion -- diff --git a/po/fr.po b/po/fr.po index 0e308b4..7a3ba0f 100644 --- a/po/fr.po +++ b/po/fr.po 
@@ -1,21 +1,21 @@ # French translation of Libgpg-error -# Copyright (C) 2005, 2011, 2012 Free Software Foundation, Inc. +# Copyright (C) 2005, 2011, 2012, 2014 Free Software Foundation, Inc. # This file is distributed under the same license as the libgpg-error package. # # Stephane Roy , 2005. -# David Pr?vot , 2011, 2012. +# David Pr?vot , 2011, 2012, 2014. msgid "" msgstr "" -"Project-Id-Version: libgpg-error-1.10\n" +"Project-Id-Version: libgpg-error-1.17\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2013-02-23 20:09+0100\n" +"PO-Revision-Date: 2014-11-01 22:07-0400\n" "Last-Translator: David Pr?vot \n" "Language-Team: French \n" "Language: fr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"X-Generator: Lokalize 1.4\n" +"X-Generator: Lokalize 1.5\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" msgid "Unspecified source" @@ -67,7 +67,7 @@ msgid "Assuan" msgstr "Assuan" msgid "TLS" -msgstr "" +msgstr "TLS" msgid "Any source" msgstr "N'importe quelle source" @@ -121,7 +121,7 @@ msgid "Checksum error" msgstr "Erreur de somme de contr?le" msgid "Bad passphrase" -msgstr "Mauvaise phrase de passe" +msgstr "Mauvaise phrase secr?te" msgid "Invalid cipher algorithm" msgstr "Algorithme de chiffrement incorrect" @@ -321,8 +321,6 @@ msgstr "R?ponse incorrecte" msgid "No agent running" msgstr "Pas d'agent en cours d'ex?cution" -#, fuzzy -#| msgid "agent error" msgid "Agent error" msgstr "Erreur d'agent" @@ -411,7 +409,7 @@ msgid "Corrupted protection" msgstr "Protection corrompue" msgid "Ambiguous name" -msgstr "Nom ambigu?" +msgstr "Nom ambigu" msgid "Card error" msgstr "Erreur de carte" @@ -621,7 +619,7 @@ msgid "Not operational" msgstr "Non op?rationnel" msgid "No passphrase given" -msgstr "Aucune phrase de passe fournie" +msgstr "Aucune phrase secr?te fournie" msgid "No PIN given" msgstr "Aucun code personnel fourni" 
@@ -656,48 +654,32 @@ msgstr "Courbe elliptique incorrecte" msgid "Unknown elliptic curve" msgstr "Courbe elliptique inconnue" -#, fuzzy -#| msgid "Duplicated value" msgid "Duplicated key" -msgstr "Valeur dupliqu?e" +msgstr "Clef dupliqu?e" -#, fuzzy -#| msgid "Ambiguous name" msgid "Ambiguous result" -msgstr "Nom ambigu?" +msgstr "R?sultat ambigu" -#, fuzzy -#| msgid "No crypto engine" msgid "No crypto context" -msgstr "Aucun moteur de chiffrement" +msgstr "Aucun contexte de chiffrement" -#, fuzzy -#| msgid "No crypto engine" msgid "Wrong crypto context" -msgstr "Aucun moteur de chiffrement" +msgstr "Contexte de chiffrement incorrect" -#, fuzzy -#| msgid "Invalid crypto engine" msgid "Bad crypto context" -msgstr "Moteur de chiffrement incorrect" +msgstr "Mauvais contexte de chiffrement" msgid "Conflict in the crypto context" -msgstr "" +msgstr "Conflit dans le contexte de chiffrement" -#, fuzzy -#| msgid "No public key" msgid "Broken public key" -msgstr "Pas de clef publique" +msgstr "Clef publique cass?e" -#, fuzzy -#| msgid "No secret key" msgid "Broken secret key" -msgstr "Pas de clef secr?te" +msgstr "Clef secr?te cass?e" -#, fuzzy -#| msgid "Invalid digest algorithm" msgid "Invalid MAC algorithm" -msgstr "Algorithme de hachage incorrect" +msgstr "Algorithme MAC incorrect" msgid "Operation fully cancelled" msgstr "Op?ration compl?tement annul?e" 
@@ -747,115 +729,91 @@ msgstr "Nombre hexad?cimal impair dans l'expression symbolique" msgid "Bad octal character in S-expression" msgstr "Mauvais caract?re octal dans l'expression symbolique" -#, fuzzy -#| msgid "Bad certificate chain" msgid "No certificate chain" -msgstr "Mauvaise cha?ne de certificat" +msgstr "Aucune cha?ne de certificat" -#, fuzzy -#| msgid "Certificate too young" msgid "Certificate is too large" -msgstr "Certificat trop r?cent" +msgstr "Le certificat est trop grand" -#, fuzzy -#| msgid "Invalid card" msgid "Invalid record" -msgstr "Carte incorrecte" +msgstr "Enregistrement incorrect" msgid "The MAC does not verify" -msgstr "" +msgstr "Le MAC ne peut pas ?tre v?rifi?" -#, fuzzy -#| msgid "Unexpected tag" msgid "Unexpected message" -msgstr "Balise inattendue" +msgstr "Message inattendu" msgid "Compression or decompression failed" -msgstr "" +msgstr "?chec de compression ou d?compression" msgid "A counter would wrap" -msgstr "" +msgstr "Un compteur devrait envelopper" msgid "Fatal alert message received" -msgstr "" +msgstr "Message d?alerte fatale re?u" -#, fuzzy -#| msgid "Invalid cipher algorithm" msgid "No cipher algorithm" -msgstr "Algorithme de chiffrement incorrect" +msgstr "Aucun algorithme de chiffrement" -#, fuzzy -#| msgid "Missing issuer certificate" msgid "Missing client certificate" -msgstr "Certificat de l'?metteur manquant" +msgstr "Certificat de client manquant" -#, fuzzy -#| msgid "Certificate revoked" msgid "Close notification received" -msgstr "Certificat r?voqu?" +msgstr "Notification de fermeture re?ue" -#, fuzzy -#| msgid "Key expired" msgid "Ticket expired" -msgstr "Clef expir?e" +msgstr "Ticket expir?" -#, fuzzy -#| msgid "Bad public key" msgid "Bad ticket" -msgstr "Mauvaise clef publique" +msgstr "Mauvais ticket" -#, fuzzy -#| msgid "Unknown packet" msgid "Unknown identity" -msgstr "Paquet inconnu" +msgstr "Identit? 
inconnue" -#, fuzzy -#| msgid "Bad certificate chain" msgid "Bad certificate message in handshake" -msgstr "Mauvaise cha?ne de certificat" +msgstr "Mauvais message de certificat dans l?initialisation" msgid "Bad certificate request message in handshake" -msgstr "" +msgstr "Mauvais message de demande de certificat dans l?initialisation" msgid "Bad certificate verify message in handshake" -msgstr "" +msgstr "Mauvais message de v?rification de certificat dans l?initialisation" +# NOTE: s/messsage/message/ msgid "Bad change cipher messsage in handshake" -msgstr "" +msgstr "Mauvais message de modification d?algorithme dans l?initialisation" msgid "Bad client hello message in handshake" -msgstr "" +msgstr "Mauvais message de salut du client dans l?initialisation" msgid "Bad server hello message in handshake" -msgstr "" +msgstr "Mauvais message de salut du serveur dans l?initialisation" +# NOTE: s/hanshake/handshake/ msgid "Bad server hello done message in hanshake" -msgstr "" +msgstr "Mauvais message de fin de salut du serveur dans l?initialisation" msgid "Bad finished message in handshake" -msgstr "" +msgstr "Mauvais message fini dans l?initialisation" msgid "Bad server key exchange message in handshake" -msgstr "" +msgstr "Mauvais message d??change de clef du serveur dans l?initialisation" msgid "Bad client key exchange message in handshake" -msgstr "" +msgstr "Mauvais message d??change de clef du client dans l?initialisation" msgid "Bogus string" -msgstr "" +msgstr "Cha?ne erron?e" -#, fuzzy -#| msgid "Key expired" msgid "Key disabled" -msgstr "Clef expir?e" +msgstr "Clef d?sactiv?e" msgid "Not possible with a card based key" -msgstr "" +msgstr "Impossible avec une clef bas?e sur carte" -#, fuzzy -#| msgid "Invalid object" msgid "Invalid lock object" -msgstr "Objet incorrect" +msgstr "Objet de verrouillage incorrect" msgid "General IPC error" msgstr "Erreur g?n?rale IPC" commit a186f35d05575d6d653e5bebb2dd169d9444af18 Author: Daniel Kahn Gillmor Date: Fri Oct 24 
14:03:10 2014 -0400 Add new lock-obj-pub for mips64el-unknown-linux-gnuabi64. * src/syscfg/lock-obj-pub.mips64el-unknown-linux-gnuabi64.h: New. * src/Makefile.am (lock_obj_pub): Add. -- native lock obj header for 64-bit little-endian MIPS, taken from debian mips64el port buildd, see: http://mips64el.debian.net/debian/buildlog/libg/libgpg-error_1.16-2/libgpg-error_1.16-2_mips64el-20140928-1753.build Debian-Bug-Id: 766135 diff --git a/src/Makefile.am b/src/Makefile.am index 903feae..b91876b 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -55,6 +55,7 @@ lock_obj_pub = \ syscfg/lock-obj-pub.i586-pc-linux-gnu.h \ syscfg/lock-obj-pub.m68k-unknown-linux-gnu.h \ syscfg/lock-obj-pub.mips-unknown-linux-gnu.h \ + syscfg/lock-obj-pub.mips64el-unknown-linux-gnuabi64.h \ syscfg/lock-obj-pub.mipsel-unknown-linux-gnu.h \ syscfg/lock-obj-pub.or1k-unknown-linux-gnu.h \ syscfg/lock-obj-pub.powerpc-unknown-linux-gnu.h \ diff --git a/src/syscfg/lock-obj-pub.mips64el-unknown-linux-gnuabi64.h b/src/syscfg/lock-obj-pub.mips64el-unknown-linux-gnuabi64.h new file mode 100644 index 0000000..8a81e3f --- /dev/null +++ b/src/syscfg/lock-obj-pub.mips64el-unknown-linux-gnuabi64.h 
@@ -0,0 +1,25 @@ +## lock-obj-pub.mips64el-unknown-linux-gnuabi64.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[40]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## ----------------------------------------------------------------------- Summary of changes: po/fr.po | 138 +++++++------------- src/Makefile.am | 1 + ...lock-obj-pub.mips64el-unknown-linux-gnuabi64.h} | 2 +- 3 files changed, 50 insertions(+), 91 deletions(-) copy src/syscfg/{lock-obj-pub.powerpc64-unknown-linux-gnu.h => lock-obj-pub.mips64el-unknown-linux-gnuabi64.h} (92%) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 3 11:28:34 2014 From: cvs at cvs.gnupg.org (by David Prévot) Date: Mon, 03 Nov 2014 11:28:34 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta895-20-g43595e8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 43595e8d4fa420c47b32ca69156f92b49a4a701d (commit) from f8c993fbe28bf02f1d7aadec823a9dfc935398fa (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 43595e8d4fa420c47b32ca69156f92b49a4a701d Author: David Pr?vot Date: Mon Sep 1 22:53:18 2014 -0400 po: Update French translation -- Proofread-By: Fr?d?ric Marchal Proofread-By: appzer0 Proofread-By: Jean-Philippe Gu?rard 
diff --git a/po/fr.po b/po/fr.po index 29e3e9d..abec34a 100644 --- a/po/fr.po +++ b/po/fr.po @@ -1,13 +1,13 @@ # GnuPG French translation -# Copyright (C) 1998-2009, 2012 Free Software Foundation, Inc. +# Copyright (C) 1998-2009, 2012, 2014 Free Software Foundation, Inc. # # Ga?l Qu?ri , 1998-2009. -# David Pr?vot , 2012. +# David Pr?vot , 2012, 2014. msgid "" msgstr "" "Project-Id-Version: gnupg 2.1\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2014-06-27 19:51+0200\n" +"PO-Revision-Date: 2014-11-01 19:04-0400\n" "Last-Translator: David Pr?vot \n" "Language-Team: French \n" "Language: fr\n" @@ -15,7 +15,7 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8-bit\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" -"X-Generator: Lokalize 1.4\n" +"X-Generator: Lokalize 1.5\n" #, c-format msgid "failed to acquire the pinentry lock: %s\n" @@ -55,18 +55,18 @@ msgid "" "Please enter your PIN, so that the secret key can be unlocked for this " "session" msgstr "" -"Veuillez entrer votre code personnel, pour pouvoir d?bloquer la clef secr?te " +"Veuillez entrer votre code personnel, afin de d?bloquer la clef secr?te " "pendant cette session" msgid "" "Please enter your passphrase, so that the secret key can be unlocked for " "this session" msgstr "" -"Veuillez entrer votre phrase de passe, pour pouvoir d?bloquer la clef " -"secr?te pendant cette session" +"Veuillez entrer votre phrase secr?te, afin de d?bloquer la clef secr?te " +"pendant cette session" msgid "does not match - try again" -msgstr "ne correspond pas ? veuillez r?essayer" +msgstr "ne correspond pas ??veuillez r?essayer" #. TRANSLATORS: The string is appended to an error message in #. the pinentry. The %s is the actual error message, the 
@@ -76,13 +76,13 @@ msgid "SETERROR %s (try %d of %d)" msgstr "SETERROR %s (essai?%d sur %d)" msgid "Repeat:" -msgstr "" +msgstr "R?p?ter?:" msgid "PIN too long" msgstr "Code personnel trop long" msgid "Passphrase too long" -msgstr "Phrase de passe trop longue" +msgstr "Phrase secr?te trop longue" msgid "Invalid characters in PIN" msgstr "Caract?res incorrects dans le code personnel" @@ -94,10 +94,10 @@ msgid "Bad PIN" msgstr "Mauvais code personnel" msgid "Bad Passphrase" -msgstr "Mauvaise phrase de passe" +msgstr "Mauvaise phrase secr?te" msgid "Passphrase" -msgstr "Phrase de passe" +msgstr "Phrase secr?te" #, c-format msgid "ssh keys greater than %d bits are not supported\n" @@ -151,17 +151,17 @@ msgstr "Refuser" #, c-format msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)" -msgstr "Veuillez entrer la phrase de passe pour la clef SSH%%0A %F%%0A (%c)" +msgstr "Veuillez entrer la phrase secr?te pour la clef SSH%%0A %F%%0A (%c)" msgid "Please re-enter this passphrase" -msgstr "Veuillez r?p?ter cette phrase de passe" +msgstr "Veuillez r?p?ter cette phrase secr?te" #, c-format msgid "" "Please enter a passphrase to protect the received secret key%%0A %s%%0A " "%s%%0Awithin gpg-agent's key storage" msgstr "" -"Veuillez entrer une phrase de passe pour prot?ger la clef secr?te%%0A %s" +"Veuillez entrer une phrase secr?te pour prot?ger la clef secr?te%%0A %s" "%%0A %s%%0Are?ue dans l'espace de stockage de clefs de gpg-agent" #, c-format @@ -222,7 +222,7 @@ msgid "error writing to temporary file: %s\n" msgstr "erreur d'?criture du fichier temporaire?: %s\n" msgid "Enter new passphrase" -msgstr "Entrez la nouvelle phrase de passe" +msgstr "Entrez la nouvelle phrase secr?te" msgid "Take this one anyway" msgstr "La prendre quand m?me" 
@@ -231,7 +231,7 @@ msgstr "La prendre quand m?me" msgid "" "You have not entered a passphrase!%0AAn empty passphrase is not allowed." msgstr "" -"Aucune phrase de passe n'a ?t? entr?e.%0AUne phrase de passe vide n'est pas " +"Aucune phrase secr?te n'a ?t? entr?e.%0AUne phrase secr?te vide n'est pas " "autoris?e." #, c-format 
@@ -239,65 +239,44 @@ msgid "" "You have not entered a passphrase - this is in general a bad idea!%0APlease " "confirm that you do not want to have any protection on your key." msgstr "" -"Aucune phrase de passe n'a ?t? entr?e ? c'est souvent une mauvaise id?e." +"Aucune phrase secr?te n'a ?t? entr?e ??c'est souvent une mauvaise id?e." "%0AVeuillez confirmer que vous ne voulez aucune protection pour la clef." msgid "Yes, protection is not needed" msgstr "Oui, aucune protection n'est n?cessaire" -#, fuzzy, c-format -#| msgid "Name must be at least 5 characters long\n" +#, c-format msgid "A passphrase should be at least %u character long." msgid_plural "A passphrase should be at least %u characters long." -msgstr[0] "Le nom doit contenir au moins cinq caract?res\n" -msgstr[1] "Le nom doit contenir au moins cinq caract?res\n" - -#, fuzzy, c-format -#| msgid "" -#| "Warning: You have entered an insecure passphrase.%%0AA passphrase should " -#| "contain at least %u digit or%%0Aspecial character." -#| msgid_plural "" -#| "Warning: You have entered an insecure passphrase.%%0AA passphrase should " -#| "contain at least %u digits or%%0Aspecial characters." +msgstr[0] "Une phrase secr?te devrait contenir au moins %u?caract?re." +msgstr[1] "Une phrase secr?te devrait contenir au moins %u?caract?res." + +#, c-format msgid "A passphrase should contain at least %u digit or%%0Aspecial character." msgid_plural "" "A passphrase should contain at least %u digits or%%0Aspecial characters." msgstr[0] "" -"Avertissement?: une phrase de passe non s?curis?e a ?t? entr?e.%%0AUne " -"phrase de passe devrait contenir au moins%%0A%u?chiffre ou caract?re sp?cial." +"Une phrase secr?te devrait contenir au moins %u?chiffre%%0Aou caract?re " +"sp?cial." msgstr[1] "" -"Avertissement?: une phrase de passe non s?curis?e a ?t? 
entr?e.%%0AUne " -"phrase de passe devrait contenir au moins%%0A%u?chiffres ou caract?res " +"Une phrase secr?te devrait contenir au moins %u?chiffres%%0Aou caract?res " "sp?ciaux." -#, fuzzy, c-format -#| msgid "" -#| "Warning: You have entered an insecure passphrase.%%0AA passphrase may not " -#| "be a known term or match%%0Acertain pattern." +#, c-format msgid "A passphrase may not be a known term or match%%0Acertain pattern." msgstr "" -"Avertissement?: une phrase de passe non s?curis?e a ?t? entr?e.%%0AUne " -"phrase de passe ne devrait ni ?tre un mot commun,%%0Ani correspondre ? un " +"Une phrase secr?te ne devrait ni ?tre un mot commun,%%0Ani correspondre ? un " "certain sch?ma." -#, fuzzy -#| msgid "" -#| "Warning: You have entered an insecure passphrase.%%0AA passphrase should " -#| "be at least %u character long." -#| msgid_plural "" -#| "Warning: You have entered an insecure passphrase.%%0AA passphrase should " -#| "be at least %u characters long." msgid "Warning: You have entered an insecure passphrase." -msgstr "" -"Avertissement?: une phrase de passe non s?curis?e a ?t? entr?e.%%0AUne " -"phrase de passe devrait ?tre longue d'au moins %u?caract?re." +msgstr "Avertissement?: une phrase secr?te non s?curis?e a ?t? entr?e." #, c-format msgid "Please enter the passphrase to%0Aprotect your new key" -msgstr "Veuillez entrer la phrase de passe%0Apour prot?ger la nouvelle clef" +msgstr "Veuillez entrer la phrase secr?te%0Apour prot?ger la nouvelle clef" msgid "Please enter the new passphrase" -msgstr "Veuillez entrer la nouvelle phrase de passe" +msgstr "Veuillez entrer la nouvelle phrase secr?te" msgid "" "@Options:\n" 
@@ -357,21 +336,17 @@ msgstr "|N|oublier les codes personnels apr?s N?secondes" msgid "do not use the PIN cache when signing" msgstr "ne pas utiliser le cache de code pour signer" -#, fuzzy -#| msgid "allow clients to mark keys as \"trusted\"" msgid "disallow clients to mark keys as \"trusted\"" -msgstr "permettre de marquer la confiance des clefs" +msgstr "ne pas marquer les clefs comme de confiance" msgid "allow presetting passphrase" -msgstr "permettre de pr?configurer la phrase de passe" +msgstr "permettre de pr?configurer la phrase secr?te" msgid "enable ssh support" -msgstr "" +msgstr "activer la prise en charge de SSH" -#, fuzzy -#| msgid "not supported" msgid "enable putty support" -msgstr "non pris en charge" +msgstr "activer la prise en charge de putty" # @EMAIL@ is currently an URL #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug @@ -485,7 +460,7 @@ msgstr "gestionnaire SSH 0x%lx pour le descripteur?%d termin?\n" #, c-format msgid "npth_pselect failed: %s - waiting 1s\n" -msgstr "?chec de npth_pselect?: %s ? attente 1?s\n" +msgstr "?chec de npth_pselect?: %s ??attente 1?s\n" #, c-format msgid "%s %s stopped\n" 
@@ -533,35 +508,35 @@ msgstr "" "Outils de maintenance des clefs secr?tes\n" msgid "Please enter the passphrase to unprotect the PKCS#12 object." -msgstr "Veuillez entrer la phrase de passe pour d?prot?ger l'objet PKCS#12." +msgstr "Veuillez entrer la phrase secr?te pour d?prot?ger l'objet PKCS#12." msgid "Please enter the passphrase to protect the new PKCS#12 object." msgstr "" -"Veuillez entrer la phrase de passe pour prot?ger le nouvel objet PKCS#12." +"Veuillez entrer la phrase secr?te pour prot?ger le nouvel objet PKCS#12." msgid "" "Please enter the passphrase to protect the imported object within the GnuPG " "system." msgstr "" -"Veuillez entrer la phrase de passe pour prot?ger l'objet import? dans le " +"Veuillez entrer la phrase secr?te pour prot?ger l'objet import? dans le " "syst?me GnuPG." msgid "" "Please enter the passphrase or the PIN\n" "needed to complete this operation." msgstr "" -"Veuillez entrer la phrase de passe ou le code personnel\n" +"Veuillez entrer la phrase secr?te ou le code personnel\n" "n?cessaires pour terminer cette op?ration." msgid "Passphrase:" -msgstr "Phrase de passe?:" +msgstr "Phrase secr?te?:" msgid "cancelled\n" msgstr "annul?\n" #, c-format msgid "error while asking for the passphrase: %s\n" -msgstr "erreur de demande de la phrase de passe?: %s\n" +msgstr "erreur de demande de la phrase secr?te?: %s\n" #, c-format msgid "error opening '%s': %s\n" @@ -644,7 +619,7 @@ msgstr "Faux" #, c-format msgid "Note: This passphrase has never been changed.%0APlease change it now." msgstr "" -"Remarque?: cette phrase de passe n'a jamais ?t? modifi?e.%0AVeuillez la " +"Remarque?: cette phrase secr?te n'a jamais ?t? modifi?e.%0AVeuillez la " "modifier maintenant." #, c-format 
@@ -652,27 +627,29 @@ msgid "" "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change " "it now." msgstr "" -"Cette phrase de passe n'a pas ?t? modifi?e%%0Adepuis le %.4s-%.2s-%.2s. " +"Cette phrase secr?te n'a pas ?t? modifi?e%%0Adepuis le %.4s-%.2s-%.2s. " "Veuillez la modifier maintenant." msgid "Change passphrase" -msgstr "Modifier la phrase de passe" +msgstr "Modifier la phrase secr?te" msgid "I'll change it later" msgstr "Je la modifierai plus tard" -#, fuzzy -#| msgid "enable key" msgid "Delete key" -msgstr "activer la clef" +msgstr "Supprimer la clef" msgid "" "Warning: This key is also listed for use with SSH!\n" "Deleting the key might remove your ability to access remote machines." msgstr "" +"Avertissement?: cette clef fait aussi partie de la liste pour utiliser avec " +"SSH.\n" +"Supprimer cette clef pourrait vous emp?cher d?acc?der ? des machines " +"distantes." msgid "DSA requires the hash length to be a multiple of 8 bits\n" -msgstr "DSA n?cessite que la longueur du hachage soit un multiple de 8?bits\n" +msgstr "DSA n?cessite que la taille du hachage soit un multiple de 8?bits\n" #, c-format msgid "%s key uses an unsafe (%u bit) hash\n" @@ -808,7 +785,7 @@ msgstr "hors limite lors de l'allocation de %lu?octets" #, c-format msgid "no running gpg-agent - starting '%s'\n" msgstr "" -"pas d'instance de gpg-agent en cours d'ex?cution ? d?marrage de ??%s??\n" +"pas d'instance de gpg-agent en cours d'ex?cution ??d?marrage de ??%s??\n" #, c-format msgid "waiting for the agent to come up ... (%ds)\n" @@ -819,7 +796,7 @@ msgstr "connexion ? l'agent ?tablie\n" #, c-format msgid "no running Dirmngr - starting '%s'\n" -msgstr "pas d'instance de Dirmngr en cours d'ex?cution ? d?marrage de ??%s??\n" +msgstr "pas d'instance de Dirmngr en cours d'ex?cution ??d?marrage de ??%s??\n" #, c-format msgid "waiting for the dirmngr to come up ... (%ds)\n" 
@@ -941,7 +918,7 @@ msgid "no CRL found for certificate" msgstr "aucune liste de r?vocations trouv?e pour le certificat" msgid "the available CRL is too old" -msgstr "la liste de r?vocations de certificats est trop vieille" +msgstr "la liste de r?vocations de certificat est trop vieille" msgid "CRL/OCSP check of certificates" msgstr "v?rification de liste de r?vocations par OCSP pour le certificat" @@ -983,6 +960,9 @@ msgstr "mot-clef trop long" msgid "missing argument" msgstr "argument manquant" +msgid "invalid argument" +msgstr "argument incorrect" + msgid "invalid command" msgstr "commande incorrecte" @@ -1000,6 +980,10 @@ msgid "missing argument for option \"%.50s\"\n" msgstr "argument manquant pour l'option ??%.50s??\n" #, c-format +msgid "invalid argument for option \"%.50s\"\n" +msgstr "argument incorrect pour l'option ??%.50s??\n" + +#, c-format msgid "option \"%.50s\" does not expect an argument\n" msgstr "l'option ??%.50s?? n'attend pas d'argument\n" @@ -1153,7 +1137,7 @@ msgid "failed to proxy %s inquiry to client\n" msgstr "?chec de transfert de la demande %s au client\n" msgid "Enter passphrase: " -msgstr "Entrez la phrase de passe?: " +msgstr "Entrez la phrase secr?te?: " #, c-format msgid "OpenPGP card not available: %s\n" @@ -1251,7 +1235,7 @@ msgid "Language preferences: " msgstr "Pr?f?rences de langue?: " msgid "Error: invalid length of preference string.\n" -msgstr "Erreur?: longueur incorrecte de la cha?ne de pr?f?rences.\n" +msgstr "Erreur?: taille incorrecte de la cha?ne de pr?f?rences.\n" msgid "Error: invalid characters in preference string.\n" msgstr "Erreur?: caract?res incorrects dans la cha?ne de pr?f?rences.\n" 
@@ -1361,10 +1345,9 @@ msgstr "Choix incorrect.\n" msgid "Please select where to store the key:\n" msgstr "Veuillez s?lectionner l'endroit o? stocker la clef?:\n" -#, fuzzy, c-format -#| msgid "read failed: %s\n" +#, c-format msgid "KEYTOCARD failed: %s\n" -msgstr "?chec de read?: %s\n" +msgstr "?chec de KEYTOCARD?: %s\n" msgid "quit this menu" msgstr "quitter ce menu" @@ -1456,22 +1439,17 @@ msgid "Delete this key from the keyring? (y/N) " msgstr "Faut-il supprimer cette clef du porte-clefs?? (o/N) " msgid "This is a secret key! - really delete? (y/N) " -msgstr "C'est une clef secr?te ? faut-il vraiment la supprimer?? (o/N) " +msgstr "C'est une clef secr?te ??faut-il vraiment la supprimer?? (o/N) " -#, fuzzy, c-format -#| msgid "deleting certificate \"%s\" failed: %s\n" +#, c-format msgid "deleting secret %s failed: %s\n" -msgstr "?chec de suppression du certificat ??%s???: %s\n" +msgstr "?chec de suppression de %s secr?te?: %s\n" -#, fuzzy -#| msgid "bad key" msgid "key" -msgstr "mauvaise clef" +msgstr "clef" -#, fuzzy -#| msgid "Pubkey: " msgid "subkey" -msgstr "Clef publique?: " +msgstr "sous-clef" #, c-format msgid "deleting keyblock failed: %s\n" @@ -1490,7 +1468,7 @@ msgstr "" #, c-format msgid "error creating passphrase: %s\n" -msgstr "erreur de cr?ation de la phrase de passe?: %s\n" +msgstr "erreur de cr?ation de la phrase secr?te?: %s\n" msgid "can't use a symmetric ESK packet due to the S2K mode\n" msgstr "impossible d'utiliser un paquet ESK sym?trique en mode S2K\n" 
@@ -1628,14 +1606,14 @@ msgstr "il est interdit d'exporter les clefs secr?tes\n" #, c-format msgid "key %s: PGP 2.x style key - skipped\n" -msgstr "clef %s?: clef de type PGP?2.x ? ignor?e\n" +msgstr "clef %s?: clef de type PGP?2.x ??ignor?e\n" #, c-format msgid "key %s: key material on-card - skipped\n" -msgstr "clef %s?: mat?riel de clef sur la carte ? ignor?e\n" +msgstr "clef %s?: mat?riel de clef sur la carte ??ignor?e\n" msgid " - skipped" -msgstr " ? ignor?" +msgstr " ??ignor?" msgid "WARNING: nothing exported\n" msgstr "Attention?: rien n'a ?t? export?\n" @@ -1666,10 +1644,6 @@ msgstr "" "utilisation de la sous-clef %s ? la place de la clef\n" "principale %s\n" -#, c-format -msgid "no secret subkey for public subkey %s - ignoring\n" -msgstr "pas de sous-clef secr?te pour la sous-clef publique %s ? ignor?e\n" - msgid "make a signature" msgstr "faire une signature" @@ -1709,13 +1683,11 @@ msgstr "afficher les clefs secr?tes" msgid "generate a new key pair" msgstr "g?n?rer une nouvelle paire de clefs" -#, fuzzy -#| msgid "generate a new key pair" msgid "quickly generate a new key pair" -msgstr "g?n?rer une nouvelle paire de clefs" +msgstr "g?n?rer rapidement une nouvelle paire de clefs" msgid "full featured key pair generation" -msgstr "" +msgstr "g?n?rer une paire de clefs compl?tes" msgid "generate a revocation certificate" msgstr "g?n?rer un certificat de r?vocation" @@ -1726,15 +1698,11 @@ msgstr "supprimer les clefs du porte-clefs public" msgid "remove keys from the secret keyring" msgstr "supprimer les clefs du porte-clefs secret" -#, fuzzy -#| msgid "sign a key" msgid "quickly sign a key" -msgstr "signer une clef" +msgstr "signer rapidement une clef" -#, fuzzy -#| msgid "sign a key locally" msgid "quickly sign a key locally" -msgstr "signer une clef localement" +msgstr "signer rapidement une clef localement" msgid "sign a key" msgstr "signer une clef" 
@@ -1746,7 +1714,7 @@ msgid "sign or edit a key" msgstr "signer ou ?diter une clef" msgid "change a passphrase" -msgstr "modifier une phrase de passe" +msgstr "modifier une phrase secr?te" msgid "export keys" msgstr "exporter les clefs" @@ -1787,11 +1755,12 @@ msgstr "ex?cuter en mode serveur" msgid "create ascii armored output" msgstr "cr?er une sortie ASCII avec armure" +# NOTE: Extra initial space to realign the output (maybe wchar issue) msgid "|USER-ID|encrypt for USER-ID" -msgstr "|IDENTIT?|chiffrer pour l'IDENTIT?" +msgstr "|IDENTIT?| chiffrer pour l'IDENTIT?" msgid "|USER-ID|use USER-ID to sign or decrypt" -msgstr "|IDENTIT?|utiliser l'IDENTIT? pour signer ou d?chiffrer" +msgstr "|IDENTIT?| utiliser l'IDENTIT? pour signer ou d?chiffrer" msgid "|N|set compress level to N (0 disables)" msgstr "|N|niveau de compression N (0 d?sactive)" @@ -1800,7 +1769,7 @@ msgid "use canonical text mode" msgstr "utiliser le mode texte canonique" msgid "|FILE|write output to FILE" -msgstr "|FICHIER|?crire la sortie dans le FICHIER" +msgstr "|FICHIER|?crire la sortie dans le FICHIER" msgid "do not make any changes" msgstr "ne rien modifier" @@ -1961,10 +1930,8 @@ msgstr "?l?ment de configuration ??%s?? inconnu\n" msgid "display photo IDs during key listings" msgstr "montrer les photos d'identit? en affichant les clefs" -#, fuzzy -#| msgid "show user ID validity during key listings" msgid "show key usage information during key listings" -msgstr "indiquer la validit? de l'identit? en affichant les clefs" +msgstr "indiquer les informations sur l'utilisation en affichant les clefs" msgid "show policy URLs during signature listings" msgstr "montrer les URL de politique en affichant les signatures" 
@@ -2014,10 +1981,9 @@ msgstr "Remarque?: %s n'est pas pour une utilisation normale.\n" msgid "'%s' is not a valid signature expiration\n" msgstr "??%s?? n'est pas une date d'expiration de signature valable\n" -#, fuzzy, c-format -#| msgid "Invalid subject name '%s'\n" +#, c-format msgid "invalid pinentry mode '%s'\n" -msgstr "Nom de sujet ??%s?? incorrect\n" +msgstr "mode pinentry ??%s?? incorrect\n" #, c-format msgid "'%s' is not a valid character set\n" @@ -2455,13 +2421,12 @@ msgstr "" msgid "key %s: no user ID\n" msgstr "clef %s?: pas d'identit?\n" -#, fuzzy, c-format -#| msgid "skipped \"%s\": %s\n" +#, c-format msgid "key %s: %s\n" -msgstr "??%s?? a ?t? ignor?e?: %s\n" +msgstr "clef %s?: %s\n" msgid "rejected by import screener" -msgstr "" +msgstr "rejet?e par le filtre d?importation" #, c-format msgid "key %s: PKS subkey corruption repaired\n" @@ -2484,7 +2449,7 @@ msgstr "clef %s?: clef publique introuvable?: %s\n" #, c-format msgid "key %s: new key - skipped\n" -msgstr "clef %s?: nouvelle clef ? ignor?e\n" +msgstr "clef %s?: nouvelle clef ??ignor?e\n" #, c-format msgid "no writable keyring found: %s\n" 
@@ -2570,27 +2535,26 @@ msgstr "clef %s?: la clef secr?te clef existe d?j?\n" msgid "key %s: error sending to agent: %s\n" msgstr "clef %s?: erreur d'envoi ? l'agent?: %s\n" -#, fuzzy, c-format -#| msgid "secret key \"%s\" not found: %s\n" +#, c-format msgid "secret key %s: %s\n" -msgstr "clef secr?te ??%s?? introuvable?: %s\n" +msgstr "clef secr?te %s?: %s\n" msgid "importing secret keys not allowed\n" msgstr "impossible d'importer des clefs secr?tes\n" #, c-format msgid "key %s: secret key with invalid cipher %d - skipped\n" -msgstr "clef %s?: clef secr?te avec chiffrement %d incorrect ? ignor?e\n" +msgstr "clef %s?: clef secr?te avec chiffrement %d incorrect ??ignor?e\n" #, c-format msgid "key %s: no public key - can't apply revocation certificate\n" msgstr "" -"clef %s?: pas de clef publique ? impossible d'appliquer le certificat\n" +"clef %s?: pas de clef publique ??impossible d'appliquer le certificat\n" " de r?vocation\n" #, c-format msgid "key %s: invalid revocation certificate: %s - rejected\n" -msgstr "clef %s?: certificat de r?vocation incorrect?: %s ? rejet?\n" +msgstr "clef %s?: certificat de r?vocation incorrect?: %s ??rejet?\n" #, c-format msgid "key %s: \"%s\" revocation certificate imported\n" 
@@ -2650,27 +2614,27 @@ msgstr "clef %s?: sous-clef ignor?e\n" #, c-format msgid "key %s: non exportable signature (class 0x%02X) - skipped\n" -msgstr "clef %s?: signature non exportable (classe 0x%02X) ? ignor?e\n" +msgstr "clef %s?: signature non exportable (classe 0x%02X) ??ignor?e\n" #, c-format msgid "key %s: revocation certificate at wrong place - skipped\n" -msgstr "clef %s?: certificat de r?vocation au mauvais endroit ? ignor?\n" +msgstr "clef %s?: certificat de r?vocation au mauvais endroit ??ignor?\n" #, c-format msgid "key %s: invalid revocation certificate: %s - skipped\n" -msgstr "clef %s?: certificat de r?vocation incorrect?: %s ? ignor?\n" +msgstr "clef %s?: certificat de r?vocation incorrect?: %s ??ignor?\n" #, c-format msgid "key %s: subkey signature in wrong place - skipped\n" -msgstr "clef %s?: signature de sous-clef au mauvais endroit ? ignor?e\n" +msgstr "clef %s?: signature de sous-clef au mauvais endroit ??ignor?e\n" #, c-format msgid "key %s: unexpected signature class (0x%02X) - skipped\n" -msgstr "clef %s?: classe de signature inattendue (0x%02X) ? ignor?e\n" +msgstr "clef %s?: classe de signature inattendue (0x%02X) ??ignor?e\n" #, c-format msgid "key %s: duplicated user ID detected - merged\n" -msgstr "clef %s?: identit?s en double d?tect?es ? fusionn?es\n" +msgstr "clef %s?: identit?s en double d?tect?es ??fusionn?es\n" #, c-format msgid "WARNING: key %s may be revoked: fetching revocation key %s\n" 
@@ -2935,12 +2899,12 @@ msgstr "?chec de la signature?: %s\n" msgid "Key has only stub or on-card key items - no passphrase to change.\n" msgstr "" -"La clef ne poss?de que des ?l?ments partiels ou stock?s sur carte ?\n" -"pas de phrase de passe ? modifier.\n" +"La clef ne poss?de que des ?l?ments partiels ou stock?s sur carte\n" +"??pas de phrase secr?te ? modifier.\n" #, c-format msgid "key %s: error changing passphrase: %s\n" -msgstr "clef %s?: erreur de modification de la phrase de passe?: %s\n" +msgstr "clef %s?: erreur de modification de la phrase secr?te?: %s\n" msgid "moving a key signature to the correct place\n" msgstr "d?placement d'une signature de clef au bon endroit\n" @@ -3034,7 +2998,7 @@ msgid "set a notation for the selected user IDs" msgstr "d?finir une notation pour les identit?s s?lectionn?es" msgid "change the passphrase" -msgstr "modifier la phrase de passe" +msgstr "modifier la phrase secr?te" msgid "change the ownertrust" msgstr "modifier la confiance du propri?taire" @@ -3189,25 +3153,19 @@ msgstr "?chec de la mise ? jour?: %s\n" msgid "Key not changed so no update needed.\n" msgstr "La clef n'a pas ?t? modifi?e donc la mise ? jour est inutile.\n" -#, fuzzy, c-format -#| msgid "invalid fingerprint" +#, c-format msgid "\"%s\" is not a fingerprint\n" -msgstr "empreinte incorrecte" +msgstr "??%s?? n?est pas une empreinte\n" -#, fuzzy, c-format -#| msgid "failed to get the fingerprint\n" +#, c-format msgid "\"%s\" is not the primary fingerprint\n" -msgstr "impossible d'obtenir l'empreinte\n" +msgstr "??%s?? n?est pas l?empreinte principale\n" -#, fuzzy -#| msgid "No such user ID.\n" msgid "No matching user IDs." -msgstr "Cette identit? n'existe pas.\n" +msgstr "Pas d?identit?s correspondantes." -#, fuzzy -#| msgid "Nothing to sign with key %s\n" msgid "Nothing to sign.\n" -msgstr "Rien ? signer avec la clef %s\n" +msgstr "Rien ? signer.\n" msgid "Digest: " msgstr "Hachage?: " 
@@ -3294,12 +3252,10 @@ msgstr "" " risque de rendre une autre identit? principale par d?faut.\n" msgid "WARNING: Your encryption subkey expires soon.\n" -msgstr "" +msgstr "Attention?: votre sous-clef de chiffrement expire bient?t.\n" -#, fuzzy -#| msgid "You can't change the expiration date of a v3 key\n" msgid "You may want to change its expiration date too.\n" -msgstr "Vous ne pouvez pas modifier la date d'expiration d'une clef?v3\n" +msgstr "Vous pourriez modifier aussi sa date d?expiration.\n" msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " @@ -3649,25 +3605,21 @@ msgstr " (%d) DSA (indiquez vous-m?me les capacit?s)\n" msgid " (%d) RSA (set your own capabilities)\n" msgstr " (%d) RSA (indiquez vous-m?me les capacit?s)\n" -#, fuzzy, c-format -#| msgid " (%d) ECDSA and ECDH\n" +#, c-format msgid " (%d) ECC and ECC\n" -msgstr " (%d) ECDSA et ECDH\n" +msgstr " (%d) ECC et ECC\n" -#, fuzzy, c-format -#| msgid " (%d) ECDSA (sign only)\n" +#, c-format msgid " (%d) ECC (sign only)\n" -msgstr " (%d) ECDSA (signature seule)\n" +msgstr " (%d) ECC (signature seule)\n" -#, fuzzy, c-format -#| msgid " (%d) ECDSA (set your own capabilities)\n" +#, c-format msgid " (%d) ECC (set your own capabilities)\n" -msgstr " (%d) ECDSA (indiquez vous-m?me les capacit?s)\n" +msgstr " (%d) ECC (indiquez vous-m?me les capacit?s)\n" -#, fuzzy, c-format -#| msgid " (%d) ECDH (encrypt only)\n" +#, c-format msgid " (%d) ECC (encrypt only)\n" -msgstr " (%d) ECDH (chiffrement seul)\n" +msgstr " (%d) ECC (chiffrement seul)\n" #, c-format msgid " (%d) Existing key\n" @@ -3684,7 +3636,7 @@ msgstr "Pas de clef avec ce keygrip\n" #, c-format msgid "%s keys may be between %u and %u bits long.\n" -msgstr "les clefs %s peuvent faire entre %u et %u?bits de longueur.\n" +msgstr "les clefs %s peuvent faire une taille comprise entre %u et %u?bits.\n" #, c-format msgid "What keysize do you want for the subkey? (%u) " 
@@ -3702,10 +3654,8 @@ msgstr "La taille demand?e est %u?bits\n" msgid "rounded to %u bits\n" msgstr "arrondie ? %u?bits\n" -#, fuzzy -#| msgid "Please select what kind of key you want:\n" msgid "Please select which elliptic curve you want:\n" -msgstr "S?lectionnez le type de clef d?sir??:\n" +msgstr "S?lectionnez le type de courbe elliptique d?sir??:\n" msgid "" "Please specify how long the key should be valid.\n" @@ -3869,18 +3819,11 @@ msgstr "" "Changer le (N)om, le (C)ommentaire, l'(A)dresse ?lectronique\n" "ou (O)ui/(Q)uitter?? " -#, fuzzy -#| msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? " msgid "Change (N)ame, (E)mail, or (Q)uit? " -msgstr "" -"Changer le (N)om, le (C)ommentaire, l'(A)dresse ?lectronique ou (Q)uitter?? " +msgstr "Changer le (N)om, l?(A)dresse ?lectronique ou (Q)uitter?? " -#, fuzzy -#| msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? " msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? " -msgstr "" -"Changer le (N)om, le (C)ommentaire, l'(A)dresse ?lectronique\n" -"ou (O)ui/(Q)uitter?? " +msgstr "Changer le (N)om, l'(A)dresse ?lectronique ou (O)ui/(Q)uitter?? " msgid "Please correct the error first\n" msgstr "Veuillez d'abord corriger l'erreur\n" 
@@ -3889,19 +3832,19 @@ msgid "" "You need a Passphrase to protect your secret key.\n" "\n" msgstr "" -"Une phrase de passe est n?cessaire pour prot?ger votre clef secr?te.\n" +"Une phrase secr?te est n?cessaire pour prot?ger votre clef secr?te.\n" "\n" msgid "" "Please enter a passphrase to protect the off-card backup of the new " "encryption key." msgstr "" -"Veuillez entrer une phrase de passe pour prot?ger la sauvegarde hors carte " -"de la nouvelle clef de chiffrement." +"Veuillez entrer une phrase secr?te pour prot?ger la sauvegarde hors carte de " +"la nouvelle clef de chiffrement." msgid "passphrase not correctly repeated; try again" msgstr "" -"la phrase de passe n'a pas ?t? correctement r?p?t?e?; veuillez r?essayer" +"la phrase secr?te n'a pas ?t? correctement r?p?t?e?; veuillez r?essayer" #, c-format msgid "%s.\n" @@ -3913,8 +3856,8 @@ msgid "" "using this program with the option \"--edit-key\".\n" "\n" msgstr "" -"Vous ne voulez pas de phrase de passe ? c'est sans doute une *mauvaise*\n" -"id?e. C'est possible quand m?me. Vous pouvez modifier la phrase de passe\n" +"Vous ne voulez pas de phrase secr?te ??c'est sans doute une *mauvaise*\n" +"id?e. C'est possible quand m?me. Vous pouvez modifier la phrase secr?te\n" "? tout moment en utilisant ce programme avec l'option ??--edit-key??.\n" "\n" 
@@ -3939,28 +3882,28 @@ msgid "" " \"%s\"\n" "\n" msgstr "" +"Sur le point de cr?er une clef pour?:\n" +" ??%s??\n" +"\n" msgid "Continue? (Y/n) " -msgstr "" +msgstr "Faut-il continuer?? (O/n) " -#, fuzzy, c-format -#| msgid "key already exists\n" +#, c-format msgid "A key for \"%s\" already exists\n" -msgstr "la clef existe d?j?\n" +msgstr "Une clef pour ??%s?? existe d?j?\n" -#, fuzzy -#| msgid "Use this key anyway? (y/N) " msgid "Create anyway? (y/N) " -msgstr "Faut-il quand m?me utiliser cette clef?? (o/N) " +msgstr "Faut-il quand m?me cr?er?? (o/N) " -#, fuzzy -#| msgid "generating new key\n" msgid "creating anyway\n" -msgstr "g?n?ration d'une nouvelle clef\n" +msgstr "cr?ation quand m?me\n" #, c-format msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n" msgstr "" +"Remarque?: Utilisez ??%s %s?? pour une fen?tre de dialogue de g?n?ration de " +"clef compl?te.\n" msgid "Key generation canceled.\n" msgstr "La g?n?ration de clef a ?t? annul?e.\n" @@ -4049,7 +3992,7 @@ msgstr "Notation de signature?: " #, c-format msgid "Warning: %lu key(s) skipped due to their large size\n" -msgstr "" +msgstr "Attention?: %lu?clefs ignor?es en raison de leur grande taille\n" msgid "Keyring" msgstr "Porte-clefs" @@ -4201,7 +4144,7 @@ msgstr "clef de session chiffr?e %s\n" #, c-format msgid "passphrase generated with unknown digest algorithm %d\n" -msgstr "phrase de passe g?n?r?e avec l'algorithme de hachage %d inconnu\n" +msgstr "phrase secr?te g?n?r?e avec l'algorithme de hachage %d inconnu\n" #, c-format msgid "public key is %s\n" @@ -4230,10 +4173,10 @@ msgstr "?chec du d?chiffrement par clef publique?: %s\n" #, c-format msgid "encrypted with %lu passphrases\n" -msgstr "chiffr? avec %lu?phrases de passe\n" +msgstr "chiffr? avec %lu?phrases secr?tes\n" msgid "encrypted with 1 passphrase\n" -msgstr "chiffr? avec 1?phrase de passe\n" +msgstr "chiffr? avec 1?phrase secr?te\n" #, c-format msgid "assuming %s encrypted data\n" 
@@ -4256,7 +4199,7 @@ msgstr "Attention?: le message chiffr? a ?t? manipul?.\n" #, c-format msgid "cleared passphrase cached with ID: %s\n" -msgstr "phrase de passe effac?e mise en cache avec l'identifiant?: %s\n" +msgstr "phrase secr?te effac?e mise en cache avec l'identifiant?: %s\n" #, c-format msgid "decryption failed: %s\n" @@ -4273,7 +4216,7 @@ msgid "WARNING: multiple plaintexts seen\n" msgstr "Attention?: plusieurs textes en clair ont ?t? vus\n" msgid "standalone revocation - use \"gpg --import\" to apply\n" -msgstr "r?vocation autonome ? utilisez ??gpg --import?? pour l'appliquer\n" +msgstr "r?vocation autonome ??utilisez ??gpg --import?? pour l'appliquer\n" msgid "no signature found\n" msgstr "aucune signature trouv?e\n" @@ -4326,10 +4269,9 @@ msgstr "La signature a expir? le %s\n" msgid "Signature expires %s\n" msgstr "La signature expire le %s\n" -#, fuzzy, c-format -#| msgid "%s signature, digest algorithm %s\n" +#, c-format msgid "%s signature, digest algorithm %s%s%s\n" -msgstr "signature %s, algorithme de hachage %s\n" +msgstr "signature %s, algorithme de hachage %s%s%s\n" msgid "binary" msgstr "binaire" @@ -4340,10 +4282,8 @@ msgstr "mode texte" msgid "unknown" msgstr "inconnu" -#, fuzzy -#| msgid "unknown pubkey algorithm" msgid ", key algorithm " -msgstr "algorithme de clef publique inconnu" +msgstr ", algorithme de clef " #, c-format msgid "Can't check signature: %s\n" @@ -4399,10 +4339,9 @@ msgstr "Attention?: utilisation de l'algorithme exp?rimental de hachage %s\n" msgid "WARNING: digest algorithm %s is deprecated\n" msgstr "Attention?: l'algorithme de hachage %s est d?conseill?\n" -#, fuzzy, c-format -#| msgid "%s signature, digest algorithm %s\n" +#, c-format msgid "Note: signatures using the %s algorithm are rejected\n" -msgstr "signature %s, algorithme de hachage %s\n" +msgstr "Remarque?: les signatures utilisant l?algorithme?%s sont rejet?es\n" #, c-format msgid "%s:%d: deprecated option \"%s\"\n" 
@@ -4418,27 +4357,28 @@ msgstr "veuillez plut?t utiliser ??%s%s??\n" #, c-format msgid "WARNING: \"%s\" is a deprecated command - do not use it\n" -msgstr "Attention?: ??%s?? est une commande d?conseill?e ? ne l'utilisez pas\n" +msgstr "Attention?: ??%s?? est une commande d?conseill?e ??ne l'utilisez pas\n" #, c-format msgid "%s:%u: obsolete option \"%s\" - it has no effect\n" -msgstr "%s?: %u?: option ??%s?? obsol?te ? non prise en compte\n" +msgstr "%s?: %u?: option ??%s?? obsol?te ??non prise en compte\n" -#, fuzzy, c-format -#| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n" +#, c-format msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n" -msgstr "Attention?: ??%s?? est une option obsol?te ? non prise en compte\n" +msgstr "Attention?: ??%s%s?? est une option obsol?te ??non prise en compte\n" -#, fuzzy, c-format -#| msgid "%s:%u: obsolete option \"%s\" - it has no effect\n" +#, c-format msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n" -msgstr "%s?: %u?: option ??%s?? obsol?te ? non prise en compte\n" +msgstr "" +"%s?: %u?: ??%s?? est obsol?te dans ce fichier ??n?est prise en compte que " +"dans %s\n" -#, fuzzy, c-format -#| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n" +#, c-format msgid "" "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n" -msgstr "Attention?: ??%s?? est une option obsol?te ? non prise en compte\n" +msgstr "" +"Attention?: ??%s%s?? est une option obsol?te ??non prise en compte ? part " +"dans %s\n" msgid "Uncompressed" msgstr "Non compress?" @@ -4523,7 +4463,7 @@ msgid "" "%u-bit %s key, ID %s,\n" "created %s%s.\n" msgstr "" -"Veuillez entrer la phrase de passe pour d?verrouiller la clef secr?te pour " +"Veuillez entrer la phrase secr?te pour d?verrouiller la clef secr?te pour " "le\n" "certificat OpenPGP?:\n" "??%2$.*1$s??\n" 
@@ -4531,7 +4471,7 @@ msgstr "" "cr??e le %6$s%7$s.\n" msgid "Enter passphrase\n" -msgstr "Entrez la phrase de passe\n" +msgstr "Entrez la phrase secr?te\n" msgid "cancelled by user\n" msgstr "annul? par l'utilisateur\n" @@ -4541,7 +4481,7 @@ msgid "" "You need a passphrase to unlock the secret key for\n" "user: \"%s\"\n" msgstr "" -"Une phrase de passe est n?cessaire pour d?verrouiller la clef secr?te de\n" +"Une phrase secr?te est n?cessaire pour d?verrouiller la clef secr?te de\n" "l'utilisateur?: ??%s??\n" #, c-format 
@@ -4552,59 +4492,35 @@ msgstr "clef %2$s de %1$u?bits, identifiant %3$s, cr??e le %4$s" msgid " (subkey on main key ID %s)" msgstr " (sous-clef de la clef principale d'identifiant %s)" -#, fuzzy -#| msgid "" -#| "Please enter the passphrase to unlock the secret key for the OpenPGP " -#| "certificate:" msgid "Please enter the passphrase to unlock the OpenPGP secret key:" msgstr "" -"Veuillez entrer la phrase de passe pour d?verrouiller la clef secr?te pour " -"le\n" -"certificat OpenPGP?:" +"Veuillez entrer la phrase secr?te pour d?verrouiller la clef secr?te " +"OpenPGP?:" -#, fuzzy -#| msgid "" -#| "Please enter the passphrase to import the secret key for the OpenPGP " -#| "certificate:" msgid "Please enter the passphrase to import the OpenPGP secret key:" msgstr "" -"Veuillez entrer la phrase de passe pour importer la clef secr?te pour le\n" -"certificat OpenPGP?:" +"Veuillez entrer la phrase secr?te pour importer la clef secr?te OpenPGP?:" -#, fuzzy -#| msgid "" -#| "Please enter the passphrase to import the secret key for the OpenPGP " -#| "certificate:" msgid "Please enter the passphrase to export the OpenPGP secret subkey:" msgstr "" -"Veuillez entrer la phrase de passe pour importer la clef secr?te pour le\n" -"certificat OpenPGP?:" +"Veuillez entrer la phrase secr?te pour exporter la sous-clef secr?te " +"OpenPGP?:" -#, fuzzy -#| msgid "" -#| "Please enter the passphrase to import the secret key for the OpenPGP " -#| "certificate:" msgid "Please enter the passphrase to export the OpenPGP secret key:" msgstr "" -"Veuillez entrer la phrase de passe pour importer la clef secr?te pour le\n" -"certificat OpenPGP?:" +"Veuillez entrer la phrase secr?te pour exporter la clef secr?te OpenPGP?:" -#, fuzzy -#| msgid "Do you really want to delete the selected keys? (y/N) " +# NOTE: s/subkey key/subkey/ msgid "Do you really want to permanently delete the OpenPGP secret subkey key:" -msgstr "Voulez-vous vraiment supprimer les clefs s?lectionn?es?? 
(o/N) " +msgstr "" +"Voulez-vous vraiment supprimer de fa?on permanente la sous-clef secr?te " +"OpenPGP?:" -#, fuzzy -#| msgid "Do you really want to delete the selected keys? (y/N) " msgid "Do you really want to permanently delete the OpenPGP secret key:" -msgstr "Voulez-vous vraiment supprimer les clefs s?lectionn?es?? (o/N) " +msgstr "" +"Voulez-vous vraiment supprimer de fa?on permanente la clef secr?te OpenPGP?:" -#, fuzzy, c-format -#| msgid "" -#| "%s\n" -#| "\"%.*s\"\n" -#| "%u-bit %s key, ID %s,\n" -#| "created %s%s.\n" +#, c-format msgid "" "%s\n" "\"%.*s\"\n" @@ -4616,6 +4532,7 @@ msgstr "" "? %3$.*2$s ?\n" "clef %5$s de %4$u bits, identifiant %6$s,\n" "cr??e le %7$s%8$s.\n" +"%9$s" msgid "" "\n" @@ -4655,7 +4572,7 @@ msgid "unable to display photo ID!\n" msgstr "impossible d'afficher la photo d'identit?.\n" msgid "No reason specified" -msgstr "Aucune raison indiqu?e" +msgstr "Aucune cause indiqu?e" msgid "Key is superseded" msgstr "La clef a ?t? remplac?e" @@ -4979,10 +4896,8 @@ msgstr "Certificat de r?vocation cr??.\n" msgid "no revocation keys found for \"%s\"\n" msgstr "aucune clef de r?vocation trouv?e pour ??%s??\n" -#, fuzzy -#| msgid "Create a revocation certificate for this key? (y/N) " msgid "This is a revocation certificate for the OpenPGP key:" -msgstr "Faut-il cr?er un certificat de r?vocation pour cette clef?? (o/N) " +msgstr "Ceci est un certificat de r?vocation pour la clef OpenPGP?:" msgid "" "Use it to revoke this key in case of a compromise or loss of\n" 
@@ -4990,12 +4905,20 @@ msgid "" "it is better to generate a new revocation certificate and give\n" "a reason for the revocation." msgstr "" +"Utilisez-le pour r?voquer cette clef en cas de compromis ou de\n" +"perte de la clef secr?te. Cependant, si la clef secr?te est\n" +"encore accessible, cr?er un nouveau certificat de r?vocation\n" +"est pr?f?rable afin d?indiquer la cause de r?vocation." msgid "" "To avoid an accidental use of this file, a colon has been inserted\n" "before the 5 dashes below. Remove this colon with a text editor\n" "before making use of this revocation certificate." msgstr "" +"Pour ?viter une utilisation accidentelle de ce fichier, un\n" +"deux-points a ?t? ins?r? avant les cinq tirets suivants.\n" +"Supprimez ce deux-points avec un ?diteur de texte avant\n" +"d?utiliser ce certificat de r?vocation." #, c-format msgid "secret key \"%s\" not found: %s\n" @@ -5049,7 +4972,7 @@ msgid "Is this okay? (y/N) " msgstr "Est-ce d'accord?? (o/N) " msgid "weak key created - retrying\n" -msgstr "clef faible g?n?r?e ? nouvel essai\n" +msgstr "clef faible g?n?r?e ??nouvel essai\n" #, c-format msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n" @@ -5061,8 +4984,7 @@ msgstr "" msgid "%s key %s uses an unsafe (%zu bit) hash\n" msgstr "la clef %s %s utilise un hachage non s?r (%zu?bits)\n" -#, fuzzy, c-format -#| msgid "%s key %s requires a %zu bit or larger hash (hash is %s\n" +#, c-format msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n" msgstr "" "la clef %s %s n?cessite un hachage d'au moins %zu?bits (le hachage est %s)\n" @@ -5178,7 +5100,7 @@ msgstr "le chiffrement %s sera utilis?\n" msgid "key is not flagged as insecure - can't use it with the faked RNG!\n" msgstr "" -"la clef n'est pas marqu?e comme non s?curis?e ? elle ne peut pas ?tre\n" +"la clef n'est pas marqu?e comme non s?curis?e ??elle ne peut pas ?tre\n" "utilis?e avec le soi-disant g?n?rateur de nombres al?atoires.\n" #, c-format 
@@ -5357,7 +5279,7 @@ msgstr "la clef %s appara?t plusieurs fois dans la base de confiance\n" #, c-format msgid "key %s: no public key for trusted key - skipped\n" -msgstr "clef %s?: pas de clef publique pour la clef de confiance ? ignor?e\n" +msgstr "clef %s?: pas de clef publique pour la clef de confiance ??ignor?e\n" #, c-format msgid "key %s marked as ultimately trusted\n" @@ -5476,10 +5398,6 @@ msgstr "activer le d?bogage complet" msgid "Usage: kbxutil [options] [files] (-h for help)" msgstr "Utilisation?: kbxutil [options] [fichiers] (-h pour l'aide)" -#, fuzzy -#| msgid "" -#| "Syntax: kbxutil [options] [files]\n" -#| "list, export, import Keybox data\n" msgid "" "Syntax: kbxutil [options] [files]\n" "List, export, import Keybox data\n" @@ -5567,10 +5485,8 @@ msgstr "la r?ponse ne contient pas le module RSA\n" msgid "response does not contain the RSA public exponent\n" msgstr "la r?ponse ne contient pas l'exposant public RSA\n" -#, fuzzy -#| msgid "response does not contain the RSA public exponent\n" msgid "response does not contain the EC public point\n" -msgstr "la r?ponse ne contient pas l'exposant public RSA\n" +msgstr "la r?ponse ne contient pas le point public EC\n" #, c-format msgid "using default PIN as %s\n" @@ -5580,7 +5496,7 @@ msgstr "utilisation du code personnel par d?faut en tant que %s\n" msgid "failed to use default PIN as %s: %s - disabling further default use\n" msgstr "" "impossible d'utiliser le code personnel par d?faut en tant que %s?:\n" -"%s ? d?sactivation de la prochaine utilisation par d?faut\n" +"%s ??d?sactivation de la prochaine utilisation par d?faut\n" #, c-format msgid "||Please enter the PIN%%0A[sigs done: %lu]" @@ -5592,7 +5508,7 @@ msgstr "||Veuillez entrer le code personnel" #, c-format msgid "PIN for CHV%d is too short; minimum length is %d\n" msgstr "" -"le code personnel pour CHV%d est trop court?; la longueur minimale\n" +"le code personnel pour CHV%d est trop court?; la taille minimale\n" "est %d\n" #, c-format 
@@ -5631,7 +5547,7 @@ msgstr "||Veuillez entrer le code de r?initialisation pour la carte" #, c-format msgid "Reset Code is too short; minimum length is %d\n" msgstr "" -"Le code de r?initialisation est trop court?; la longueur minimale\n" +"Le code de r?initialisation est trop court?; la taille minimale\n" "est %d\n" #. TRANSLATORS: Do not translate the "|*|" prefixes but @@ -5718,10 +5634,8 @@ msgstr "" #, c-format msgid "can't access %s - invalid OpenPGP card?\n" msgstr "" -"impossible d'acc?der ? %s ? la carte OpenPGP n'est peut-?tre pas valable\n" +"impossible d'acc?der ? %s ??la carte OpenPGP n'est peut-?tre pas valable\n" -#, fuzzy -#| msgid "||Please enter your PIN at the reader's keypad" msgid "||Please enter your PIN at the reader's pinpad" msgstr "" "||Veuillez entrer votre code personnel sur le pav? num?rique du lecteur" @@ -5756,8 +5670,6 @@ msgstr "ne pas utiliser le pilote CCID interne" msgid "|N|disconnect the card after N seconds of inactivity" msgstr "|N|d?connecter la carte apr?s N?secondes d'inactivit? " -#, fuzzy -#| msgid "do not use a reader's keypad" msgid "do not use a reader's pinpad" msgstr "ne pas utiliser de pav? num?rique du lecteur" @@ -5765,21 +5677,17 @@ msgid "deny the use of admin card commands" msgstr "refus d'utiliser les commandes d'administration de la carte" msgid "use variable length input for pinpad" -msgstr "" +msgstr "utiliser une entr?e de taille variable pour le pav? num?rique" msgid "Usage: @SCDAEMON@ [options] (-h for help)" msgstr "Utilisation?: @SCDAEMON@ [options] (-h pour l'aide)" -#, fuzzy -#| msgid "" -#| "Syntax: scdaemon [options] [command [args]]\n" -#| "Smartcard daemon for GnuPG\n" msgid "" "Syntax: scdaemon [options] [command [args]]\n" "Smartcard daemon for @GNUPG@\n" msgstr "" "Syntaxe?: scdaemon [options] [commande [arguments]]\n" -"D?mon de carte ? puce pour GnuPG\n" +"D?mon de carte ? puce pour @GNUPG@\n" msgid "please use the option '--daemon' to run the program in the background\n" msgstr "" 
@@ -5823,10 +5731,8 @@ msgstr "politique de signature marqu?e critique sans politiques configur?es" msgid "failed to open '%s': %s\n" msgstr "?chec d'ouverture de ??%s???: %s\n" -#, fuzzy -#| msgid "note: non-critical certificate policy not allowed" msgid "Note: non-critical certificate policy not allowed" -msgstr "remarque?: politique de certificat non critique non autoris?e" +msgstr "Remarque?: politique de certificat non critique non autoris?e" msgid "certificate policy not allowed" msgstr "politique de certificat non autoris?e" @@ -5863,7 +5769,7 @@ msgstr "veuillez vous assurer que le ??dirmngr?? est correctement install?\ #, c-format msgid "checking the CRL failed: %s" -msgstr "?chec de v?rification de la liste de r?vocations de certificats?: %s" +msgstr "?chec de v?rification de la liste de r?vocations de certificat?: %s" #, c-format msgid "certificate with invalid validity: %s" @@ -5931,7 +5837,7 @@ msgstr "marquage de confiance interactif d?sactiv? pour cette session\n" msgid "WARNING: creation time of signature not known - assuming current time" msgstr "" -"Attention?: date de cr?ation de la signature inconnue ? date suppos?e " +"Attention?: date de cr?ation de la signature inconnue ??date suppos?e " "actuelle" msgid "no issuer found in certificate" @@ -5959,7 +5865,7 @@ msgstr "certificat avec une mauvaise signature" msgid "found another possible matching CA certificate - trying again" msgstr "" "un autre certificat d'autorit? de certification pouvant correspondre a ?t? " -"trouv? ? nouvel essai" +"trouv? ??nouvel essai" #, c-format msgid "certificate chain longer than allowed by CA (%d)" 
@@ -5995,16 +5901,16 @@ msgid "none" msgstr "aucun" msgid "[Error - invalid encoding]" -msgstr "[Erreur ? encodage incorrecte]" +msgstr "[Erreur ??encodage incorrect]" msgid "[Error - out of core]" -msgstr "[Erreur ? hors limite]" +msgstr "[Erreur ??hors limite]" msgid "[Error - No name]" -msgstr "[Erreur ? pas de nom]" +msgstr "[Erreur ??pas de nom]" msgid "[Error - invalid DN]" -msgstr "[Erreur ? DN incorrect]" +msgstr "[Erreur ??DN incorrect]" #, c-format msgid "" @@ -6014,7 +5920,7 @@ msgid "" "S/N %s, ID 0x%08lX,\n" "created %s, expires %s.\n" msgstr "" -"Veuillez entrer la phrase de passe pour d?verrouiller la clef secr?te pour " +"Veuillez entrer la phrase secr?te pour d?verrouiller la clef secr?te pour " "le\n" "certificat X.509?:\n" "??%s??\n" 
@@ -6023,32 +5929,24 @@ msgstr "" msgid "no key usage specified - assuming all usages\n" msgstr "" -"aucune utilisation de clef indiqu?e ? toutes les utilisations sont " +"aucune utilisation de clef indiqu?e ??toutes les utilisations sont " "suppos?es\n" #, c-format msgid "error getting key usage information: %s\n" msgstr "erreur de lecture des renseignements d'utilisation de clef?: %s\n" -#, fuzzy -#| msgid "certificate should have not been used for certification\n" msgid "certificate should not have been used for certification\n" msgstr "le certificat n'aurait pas d? ?tre utilis? pour la certification\n" -#, fuzzy -#| msgid "certificate should have not been used for OCSP response signing\n" msgid "certificate should not have been used for OCSP response signing\n" msgstr "" "le certificat n'aurait pas d? ?tre utilis? pour la signature de r?ponse " "OCSP\n" -#, fuzzy -#| msgid "certificate should have not been used for encryption\n" msgid "certificate should not have been used for encryption\n" msgstr "le certificat n'aurait pas d? ?tre utilis? pour le chiffrement\n" -#, fuzzy -#| msgid "certificate should have not been used for signing\n" msgid "certificate should not have been used for signing\n" msgstr "le certificat n'aurait pas d? ?tre utilis? pour la signature\n" @@ -6064,7 +5962,7 @@ msgstr "ligne?%d?: algorithme incorrect\n" #, c-format msgid "line %d: invalid key length %u (valid are %d to %d)\n" -msgstr "ligne?%d?: longueur?%u de clef incorrecte (%d ? %d possible)\n" +msgstr "ligne?%d?: taille?%u de clef incorrecte (%d ? %d possible)\n" #, c-format msgid "line %d: no subject name given\n" @@ -6136,7 +6034,7 @@ msgid "" "you just created once more.\n" msgstr "" "Pour terminer cette demande de certificat, veuillez entrer encore une fois " -"la phrase de passe pour la clef que vous venez de cr?er.\n" +"la phrase secr?te pour la clef que vous venez de cr?er.\n" #, c-format msgid " (%d) RSA\n" 
@@ -6342,7 +6240,7 @@ msgid "|FILE|add keyring to the list of keyrings" msgstr "|FICHIER|ajouter le trousseau ? la liste de trousseaux" msgid "|USER-ID|use USER-ID as default secret key" -msgstr "|IDENTIT?|utiliser IDENTIT? comme clef secr. par d?faut" +msgstr "|IDENTIT?| utiliser IDENTIT? comme clef secr. par d?faut" msgid "|SPEC|use this keyserver to lookup keys" msgstr "|SPEC|utiliser ce serveur pour rechercher les clefs" @@ -6407,7 +6305,7 @@ msgid "error storing certificate\n" msgstr "erreur de stockage du certificat\n" msgid "basic certificate checks failed - not imported\n" -msgstr "?chec des v?rifications de base du certificat ? non import?\n" +msgstr "?chec des v?rifications de base du certificat ??non import?\n" #, c-format msgid "error getting stored flags: %s\n" @@ -6445,11 +6343,12 @@ msgid "error storing flags: %s\n" msgstr "erreur de stockage des options?: %s\n" msgid "Error - " -msgstr "Erreur ? " +msgstr "Erreur ??" msgid "GPG_TTY has not been set - using maybe bogus default\n" msgstr "" -"GPG_TTY n'a pas ?t? d?finie ? utilisation de d?fauts peut-?tre d?fectueux\n" +"GPG_TTY n'a pas ?t? d?finie ??utilisation de valeurs par d?faut " +"potentiellement inappropri?es\n" #, c-format msgid "invalid formatted fingerprint in '%s', line %d\n" 
@@ -6683,16 +6582,16 @@ msgid "first record of '%s' is not the version\n" msgstr "le premier enregistrement de ??%s?? n'est pas la version\n" msgid "old version of cache directory - cleaning up\n" -msgstr "ancienne version du r?pertoire de cache ? nettoyage\n" +msgstr "ancienne version du r?pertoire de cache ??nettoyage\n" msgid "old version of cache directory - giving up\n" -msgstr "ancienne version du r?pertoire de cache ? abandon\n" +msgstr "ancienne version du r?pertoire de cache ??abandon\n" #, c-format msgid "extra field detected in crl record of '%s' line %u\n" msgstr "" "champ suppl?mentaire d?tect? dans l'enregistrement de liste de r?vocations " -"de certificats de ??%s?? ligne?%u\n" +"de certificat de ??%s?? ligne?%u\n" #, c-format msgid "invalid line detected in '%s' line %u\n" @@ -6785,14 +6684,14 @@ msgstr "?chec de cr?ation d'un nouvel objet de cache?: %s\n" #, c-format msgid "no CRL available for issuer id %s\n" msgstr "" -"pas de liste de r?vocations de certificats disponible pour l'identifiant " +"pas de liste de r?vocations de certificat disponible pour l'identifiant " "d'?metteur %s\n" #, c-format msgid "cached CRL for issuer id %s too old; update required\n" msgstr "" -"la liste de r?vocations de certificats en cache pour l'identifiant " -"d'?metteur %s est trop ancienne?; mise ? jour n?cessaire\n" +"la liste de r?vocations de certificat en cache pour l'identifiant d'?metteur " +"%s est trop ancienne?; mise ? jour n?cessaire\n" #, c-format msgid "" 
@@ -6811,18 +6710,18 @@ msgstr "" #, c-format msgid "available CRL for issuer ID %s can't be used\n" msgstr "" -"la liste de r?vocations de certificats pour l'identifiant d'?metteur %s ne " +"la liste de r?vocations de certificat pour l'identifiant d'?metteur %s ne " "peut pas ?tre utilis?e\n" #, c-format msgid "cached CRL for issuer id %s tampered; we need to update\n" msgstr "" -"la liste de r?vocations de certificats en cache pour l'identifiant " -"d'?metteur %s a ?t? modifi?e?; mise ? jour n?cessaire\n" +"la liste de r?vocations de certificat en cache pour l'identifiant d'?metteur " +"%s a ?t? modifi?e?; mise ? jour n?cessaire\n" msgid "WARNING: invalid cache record length for S/N " msgstr "" -"Attention?: longueur d'enregistrement de cache incorrecte pour le num?ro de " +"Attention?: taille d'enregistrement de cache incorrecte pour le num?ro de " "s?rie " #, c-format @@ -6839,7 +6738,7 @@ msgstr "le num?ro de s?rie %s est incorrect?; raison=%02X date=%.15s\n" msgid "S/N %s is valid, it is not listed in the CRL\n" msgstr "" "le num?ro de s?rie %s est valable, il ne fait pas partie de la liste de " -"r?vocations de certificats\n" +"r?vocation de certificats\n" #, c-format msgid "error getting data from cache file: %s\n" @@ -6872,13 +6771,13 @@ msgstr "?chec de ksba_crl_parse?: %s\n" msgid "error getting update times of CRL: %s\n" msgstr "" "erreur de lecture des dates de mises ? jour de la liste de r?vocations de " -"certificats?: %s\n" +"certificat?: %s\n" #, c-format msgid "update times of this CRL: this=%s next=%s\n" msgstr "" -"dates de mises ? jour de la liste de r?vocations de certificats?: celle-ci=" -"%s prochaine=%s\n" +"dates de mises ? jour de la liste de r?vocations de certificat?: celle-ci=%s " +"prochaine=%s\n" msgid "nextUpdate not given; assuming a validity period of one day\n" msgstr "nextUpdate non donn??; p?riode de validit? suppos?e d'un jour\n" 
@@ -6886,7 +6785,7 @@ msgstr "nextUpdate non donn??; p?riode de validit? suppos?e d'un jour\n" #, c-format msgid "error getting CRL item: %s\n" msgstr "" -"erreur de lecture de l'?l?ment de liste de r?vocations de certificats?: %s\n" +"erreur de lecture de l'?l?ment de liste de r?vocations de certificat?: %s\n" #, c-format msgid "error inserting item into temporary cache file: %s\n" @@ -6895,7 +6794,7 @@ msgstr "erreur d'insertion d'?l?ment dans le fichier cache temporaire?: %s\n" #, c-format msgid "no CRL issuer found in CRL: %s\n" msgstr "" -"aucun ?metteur de liste de r?vocations de certificats trouv? dans la liste?: " +"aucun ?metteur de liste de r?vocations de certificat trouv? dans la liste?: " "%s\n" msgid "locating CRL issuer certificate by authorityKeyIdentifier\n" @@ -6906,7 +6805,7 @@ msgstr "" #, c-format msgid "CRL signature verification failed: %s\n" msgstr "" -"?chec de v?rification de signature de liste de r?vocations de certificats?: " +"?chec de v?rification de signature de liste de r?vocations de certificat?: " "%s\n" #, c-format 
@@ -6951,25 +6850,23 @@ msgstr "erreur de fermeture du fichier de cache temporaire ??%s???: %s\n" #, c-format msgid "WARNING: new CRL still too old; it expired on %s - loading anyway\n" msgstr "" -"Attention?: la nouvelle liste de r?vocations de certificats est trop " -"ancienne?; elle a expir? le %s ? chargement quand m?me\n" +"Attention?: la nouvelle liste de r?vocations de certificat est trop " +"ancienne?; elle a expir? le %s ??chargement quand m?me\n" #, c-format msgid "new CRL still too old; it expired on %s\n" msgstr "" -"la nouvelle liste de r?vocations de certificats est trop ancienne?; elle a " +"la nouvelle liste de r?vocations de certificat est trop ancienne?; elle a " "expir? le %s\n" #, c-format msgid "unknown critical CRL extension %s\n" -msgstr "" -"extension %s de liste de r?vocations de certificats critique inconnue\n" +msgstr "extension %s de liste de r?vocations de certificat critique inconnue\n" #, c-format msgid "error reading CRL extensions: %s\n" msgstr "" -"erreur de lecture des extensions de liste de r?vocations de certificats?: " -"%s\n" +"erreur de lecture des extensions de liste de r?vocations de certificat?: %s\n" #, c-format msgid "creating cache file '%s'\n" 
@@ -6983,41 +6880,39 @@ msgid "" "updating the DIR file failed - cache entry will get lost with the next " "program start\n" msgstr "" -"?chec de mise ? jour du fichier DIR ? l'entr?e de cache sera perdue avec le " +"?chec de mise ? jour du fichier DIR ??l'entr?e de cache sera perdue avec le " "prochain d?marrage du programme\n" #, c-format msgid "Begin CRL dump (retrieved via %s)\n" msgstr "" -"D?marrage du vidage de liste de r?vocations de certificats (r?cup?r?e par " +"D?marrage du vidage de liste de r?vocations de certificat (r?cup?r?e par " "%s)\n" msgid "" " ERROR: The CRL will not be used because it was still too old after an " "update!\n" msgstr "" -" Erreur?: la liste de r?vocations de certificats ne sera pas utilis?e car " +" Erreur?: la liste de r?vocations de certificat ne sera pas utilis?e car " "elle ?tait encore trop ancienne apr?s une mise ? jour.\n" msgid "" " ERROR: The CRL will not be used due to an unknown critical extension!\n" msgstr "" -" Erreur?: la liste de r?vocations de certificats ne sera pas utilis?e ? " -"cause d'une extension critique inconnue.\n" +" Erreur?: la liste de r?vocations de certificat ne sera pas utilis?e ? cause " +"d'une extension critique inconnue.\n" msgid " ERROR: The CRL will not be used\n" msgstr "" -" Erreur?: la liste de r?vocations de certificats ne sera pas utilis?e.\n" +" Erreur?: la liste de r?vocations de certificat ne sera pas utilis?e.\n" -#, fuzzy -#| msgid " ERROR: This cached CRL may has been tampered with!\n" msgid " ERROR: This cached CRL may have been tampered with!\n" msgstr "" -" Erreur?: cette liste de r?vocations de certificats en cache a pu ?tre " +" Erreur?: cette liste de r?vocations de certificat en cache a pu ?tre " "modifi?e.\n" msgid " WARNING: invalid cache record length\n" -msgstr " Attention?: longueur d'enregistrement de cache incorrecte\n" +msgstr " Attention?: taille d'enregistrement de cache incorrecte\n" #, c-format msgid "problem reading cache record: %s\n" 
@@ -7032,7 +6927,7 @@ msgid "error reading cache entry from db: %s\n" msgstr "erreur de lecture de l'entr?e de cache dans la base de donn?es?: %s\n" msgid "End CRL dump\n" -msgstr "Fin du vidage de liste de r?vocations de certificats\n" +msgstr "Fin du vidage de liste de r?vocations de certificat\n" #, c-format msgid "crl_fetch via DP failed: %s\n" @@ -7047,7 +6942,7 @@ msgid "crl_cache_insert via issuer failed: %s\n" msgstr "?chec de crl_cache_insert par ?metteur?: %s\n" msgid "reader to file mapping table full - waiting\n" -msgstr "table de projection de lecteur vers fichier pleine ? attente\n" +msgstr "table de projection de lecteur vers fichier pleine ??attente\n" msgid "using \"http\" instead of \"https\"\n" msgstr "utilisation d'??http?? au lieu d'??https??\n" @@ -7055,7 +6950,7 @@ msgstr "utilisation d'??http?? au lieu d'??https??\n" #, c-format msgid "CRL access not possible due to disabled %s\n" msgstr "" -"acc?s ? la liste de r?vocations de certificats impossible car %s est " +"acc?s ? la liste de r?vocations de certificat impossible car %s est " "d?sactiv?\n" #, c-format @@ -7082,7 +6977,7 @@ msgid "certificate search not possible due to disabled %s\n" msgstr "recherche de certificats impossible car %s est d?sactiv?\n" msgid "use OCSP instead of CRLs" -msgstr "utiliser OCSP au lieu des listes de r?vocations de certificats" +msgstr "utiliser OCSP au lieu des listes de r?vocations de certificat" msgid "check whether a dirmngr is running" msgstr "v?rifier si une instance de dirmngr fonctionne" @@ -7108,8 +7003,6 @@ msgstr "charger une liste de r?v. de cert. dans dirmngr" msgid "special mode for use by Squid" msgstr "mode sp?cial pour ?tre utilis? par Squid" -#, fuzzy -#| msgid "certificates are expected in PEM format" msgid "expect certificates in PEM format" msgstr "attendre les certificats au format PEM" 
@@ -7128,7 +7021,7 @@ msgid "" msgstr "" "Syntaxe?: dirmngr-client [options] [fic_cert|motif]\n" "V?rifier un certificat X.509 par rapport ? une liste de\n" -"r?vocations de certificats ou faire une v?rification OCSP\n" +"r?vocations de certificat ou faire une v?rification OCSP\n" "Le processus renvoie 0 si le certificat est valable, 1 s'il est\n" "incorrect et d'autres codes d'erreurs pour les probl?mes globaux\n" @@ -7150,7 +7043,7 @@ msgstr "?chec de la recherche?: %s\n" #, c-format msgid "loading CRL '%s' failed: %s\n" msgstr "" -"?chec de chargement de la liste de r?vocations de certificats ??%s???: %s\n" +"?chec de chargement de la liste de r?vocations de certificat ??%s???: %s\n" msgid "a dirmngr daemon is up and running\n" msgstr "un d?mon dirmngr fonctionne et est disponible\n" @@ -7189,10 +7082,9 @@ msgstr "" "pas d'instance de dirmngr en cours d'ex?cution ?\n" "d?marrage d'une nouvelle instance\n" -#, fuzzy, c-format -#| msgid "malformed DIRMNGR_INFO environment variable\n" +#, c-format msgid "malformed %s environment variable\n" -msgstr "la variable d'environnement DIRMNGR_INFO est mal d?finie\n" +msgstr "la variable d'environnement %s est mal d?finie\n" #, c-format msgid "dirmngr protocol version %d is not supported\n" @@ -7200,7 +7092,7 @@ msgstr "le protocole dirmngr version?%d n'est pas pris en charge\n" msgid "can't connect to the dirmngr - trying fall back\n" msgstr "" -"impossible de se connecter au dirmngr ? essai avec la solution de repli\n" +"impossible de se connecter au dirmngr ??essai avec la solution de repli\n" #, c-format msgid "can't connect to the dirmngr: %s\n" 
@@ -7221,15 +7113,15 @@ msgid "run as windows service (background)" msgstr "ex?cuter en service Windows (arri?re-plan)" msgid "list the contents of the CRL cache" -msgstr "afficher le contenu du cache de la liste de r?vocations de certificats" +msgstr "afficher le contenu du cache de la liste de r?vocations de certificat" msgid "|FILE|load CRL from FILE into cache" msgstr "" -"|FICHIER|charger la liste de r?vocations de certificats du FICHIER dans le " +"|FICHIER|charger la liste de r?vocations de certificat du FICHIER dans le " "cache" msgid "|URL|fetch a CRL from URL" -msgstr "|URL|r?cup?rer une liste de r?vocations de certificats d'une URL" +msgstr "|URL|r?cup?rer une liste de r?vocations de certificat d'une URL" msgid "shutdown the dirmngr" msgstr "arr?ter le dirmngr" @@ -7244,8 +7136,7 @@ msgid "run without asking a user" msgstr "ex?cuter sans demander ? l'utilisateur" msgid "force loading of outdated CRLs" -msgstr "" -"forcer le chargement des listes de r?vocations de certificats obsol?tes" +msgstr "forcer le chargement des listes de r?vocations de certificat obsol?tes" msgid "allow sending OCSP requests" msgstr "permettre l'envoi de requ?tes OCSP" @@ -7258,12 +7149,12 @@ msgstr "interdire l'utilisation de LDAP" msgid "ignore HTTP CRL distribution points" msgstr "" -"ignorer les points de distribution de liste de r?vocations de certificats en " +"ignorer les points de distribution de liste de r?vocations de certificat en " "HTTP" msgid "ignore LDAP CRL distribution points" msgstr "" -"ignorer les points de distribution de liste de r?vocations de certificats en " +"ignorer les points de distribution de liste de r?vocations de certificat en " "LDAP" msgid "ignore certificate contained OCSP service URLs" 
@@ -7284,7 +7175,7 @@ msgstr "|FICHIER|lire la liste de serveurs LDAP depuis le FICHIER" msgid "add new servers discovered in CRL distribution points to serverlist" msgstr "" "ajouter les nouveaux serveurs d?couverts dans les points de distribution de " -"liste de r?vocations de certificats ? la liste de serveurs" +"liste de r?vocations de certificat ? la liste de serveurs" msgid "|N|set LDAP timeout to N seconds" msgstr "|N|d?finir le temps d'expiration de LDAP ? N?secondes" @@ -7299,7 +7190,7 @@ msgid "|N|do not return more than N items in one query" msgstr "|N|ne pas renvoyer plus de N??l?ments dans une requ?te" msgid "|FILE|use the CA certificates in FILE for HKP over TLS" -msgstr "" +msgstr "|FICHIER|utiliser les certificats de CA dans FICHIER pour HKP par TLS" msgid "" "@\n" 
@@ -7313,43 +7204,38 @@ msgstr "" msgid "Usage: @DIRMNGR@ [options] (-h for help)" msgstr "Utilisation?: @DIRMNGR@ [options] (-h pour l'aide)" -#, fuzzy -#| msgid "" -#| "Syntax: @DIRMNGR@ [options] [command [args]]\n" -#| "LDAP and OCSP access for @GNUPG@\n" msgid "" "Syntax: @DIRMNGR@ [options] [command [args]]\n" "Keyserver, CRL, and OCSP access for @GNUPG@\n" msgstr "" "Syntaxe?: @DIRMNGR@ [options] [commande [arguments]]\n" -"Acc?s LDAP et OCSP pour @GNUPG@\n" +"Serveur de clefs, liste de r?vocations de certificat et acc?s OCSP pour " +"@GNUPG@\n" #, c-format msgid "valid debug levels are: %s\n" msgstr "les niveaux de d?bogage possibles sont?: %s\n" -#, fuzzy, c-format -#| msgid "usage: gpgsm [options] " +#, c-format msgid "usage: %s [options] " -msgstr "utilisation?: gpgsm [options] " +msgstr "utilisation?: %s [options] " msgid "colons are not allowed in the socket name\n" -msgstr "les deux-points ne sont pas permis avec dans le nom de socket\n" +msgstr "les deux-points ne sont pas permis dans le nom de socket\n" #, c-format msgid "fetching CRL from '%s' failed: %s\n" msgstr "" -"?chec de r?cup?ration de liste de r?vocations de certificats sur ??%s???: " -"%s\n" +"?chec de r?cup?ration de liste de r?vocations de certificat sur ??%s???: %s\n" #, c-format msgid "processing CRL from '%s' failed: %s\n" msgstr "" -"?chec du traitement de liste de r?vocations de certificats sur ??%s???: %s\n" +"?chec du traitement de liste de r?vocations de certificat sur ??%s???: %s\n" #, c-format msgid "%s:%u: line too long - skipped\n" -msgstr "%s?: %u?: ligne trop longue ? ignor?e\n" +msgstr "%s?: %u?: ligne trop longue ??ignor?e\n" #, c-format msgid "%s:%u: invalid fingerprint detected\n" 
@@ -7364,27 +7250,27 @@ msgid "%s:%u: garbage at end of line ignored\n" msgstr "%s?: %u?: fin de ligne inutile ignor?e\n" msgid "SIGHUP received - re-reading configuration and flushing caches\n" -msgstr "SIGHUP re?u ? relecture de la configuration et vidage des caches\n" +msgstr "SIGHUP re?u ??relecture de la configuration et vidage des caches\n" msgid "SIGUSR2 received - no action defined\n" -msgstr "SIGUSR2 re?u ? aucune action d?finie\n" +msgstr "SIGUSR2 re?u ??aucune action d?finie\n" msgid "SIGTERM received - shutting down ...\n" -msgstr "SIGTERM re?u ? arr?t?\n" +msgstr "SIGTERM re?u ??arr?t?\n" #, c-format msgid "SIGTERM received - still %d active connections\n" -msgstr "SIGTERM re?u ? encore %d?connexions actives\n" +msgstr "SIGTERM re?u ??encore %d?connexions actives\n" msgid "shutdown forced\n" msgstr "arr?t forc?\n" msgid "SIGINT received - immediate shutdown\n" -msgstr "SIGINT re?u ? arr?t imm?diat\n" +msgstr "SIGINT re?u ??arr?t imm?diat\n" #, c-format msgid "signal %d received - no action defined\n" -msgstr "signal?%d re?u ? aucune action d?finie\n" +msgstr "signal?%d re?u ??aucune action d?finie\n" msgid "return all values in a record oriented format" msgstr "renvoyer toutes les valeurs au format enreg." @@ -7419,11 +7305,6 @@ msgstr "|CHA?NE|renvoyer l'attribut CHA?NE" msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n" msgstr "Utilisation?: dirmngr_ldap [options] [URL] (-h pour l'aide)\n" -#, fuzzy -#| msgid "" -#| "Syntax: dirmngr_ldap [options] [URL]\n" -#| "Internal LDAP helper for Dirmngr.\n" -#| "Interface and options may change without notice.\n" msgid "" "Syntax: dirmngr_ldap [options] [URL]\n" "Internal LDAP helper for Dirmngr\n" @@ -7534,7 +7415,7 @@ msgstr "erreur de lecture du journal par l'enveloppe LDAP?%d?: %s\n" #, c-format msgid "npth_select failed: %s - waiting 1s\n" -msgstr "?chec de npth_select?: %s ? attente 1?s\n" +msgstr "?chec de npth_select?: %s ??attente 1?s\n" #, c-format msgid "ldap wrapper %d ready" 
@@ -7554,11 +7435,12 @@ msgstr "?chec d'attente de l'enveloppe LDAP?%d?: %s\n" #, c-format msgid "ldap wrapper %d stalled - killing\n" -msgstr "enveloppe LDAP?%d ? l'arr?t ? le processus va ?tre tu?\n" +msgstr "enveloppe LDAP?%d ? l'arr?t ??le processus va ?tre tu?\n" +# NOTE: Incorrectly set as translatable? #, c-format msgid "error spawning ldap wrapper reaper thread: %s\n" -msgstr "erreur de cr?ation du thread tueur fils de l'enveloppe LDAP?: %s\n" +msgstr "error spawning ldap wrapper reaper thread: %s\n" #, c-format msgid "reading from ldap wrapper %d failed: %s\n" @@ -7566,7 +7448,7 @@ msgstr "?chec de lecture par l'enveloppe LDAP?%d?: %s\n" #, c-format msgid "invalid char 0x%02x in host name - not added\n" -msgstr "caract?re 0x%02x incorrect dans le nom d'h?te ? non ajout?\n" +msgstr "caract?re 0x%02x incorrect dans le nom d'h?te ??non ajout?\n" #, c-format msgid "adding '%s:%d' to the ldap server list\n" @@ -7779,18 +7661,18 @@ msgstr "" msgid "CRL checking too deeply nested\n" msgstr "" -"v?rification de liste de r?vocations de certificats imbriqu?e trop " +"v?rification de liste de r?vocations de certificat imbriqu?e trop " "profond?ment\n" msgid "not checking CRL for" -msgstr "pas de v?rification de liste de r?vocations de certificats pour" +msgstr "pas de v?rification de liste de r?vocations de certificat pour" msgid "checking CRL for" -msgstr "v?rification de liste de r?vocations de certificats pour" +msgstr "v?rification de liste de r?vocations de certificat pour" msgid "running in compatibility mode - certificate chain not checked!\n" msgstr "" -"ex?cution en mode de compatibilit? ? cha?ne de certificats non v?rifi?e\n" +"ex?cution en mode de compatibilit? ??cha?ne de certificats non v?rifi?e\n" msgid "selfsigned certificate has a BAD signature" msgstr "certificat autosign? avec une mauvaise signature" 
@@ -7806,12 +7688,10 @@ msgstr "la cha?ne de certificats est correcte\n" msgid "DSA requires the use of a 160 bit hash algorithm\n" msgstr "DSA n?cessite l'utilisation d'un algorithme de hachage de 160?bits\n" -#, fuzzy -#| msgid "certificate should have not been used for CRL signing\n" msgid "certificate should not have been used for CRL signing\n" msgstr "" "le certificat n'aurait pas d? ?tre utilis? pour signer une liste de " -"r?vocations de certificats\n" +"r?vocations de certificat\n" msgid "quiet" msgstr "silencieux" @@ -7822,10 +7702,8 @@ msgstr "afficher les donn?es encod?es au format hexad?cimal" msgid "decode received data lines" msgstr "d?coder les lignes de donn?es re?ues" -#, fuzzy -#| msgid "can't connect to the dirmngr: %s\n" msgid "connect to the dirmngr" -msgstr "impossible de se connecter au dirmngr?: %s\n" +msgstr "se connecter au dirmngr" msgid "|NAME|connect to Assuan socket NAME" msgstr "|NOM|se connecter ? la socket Assuan NOM" @@ -7868,7 +7746,7 @@ msgid "receiving line failed: %s\n" msgstr "?chec de r?ception de ligne?: %s\n" msgid "line too long - skipped\n" -msgstr "ligne trop longue ? ignor?e\n" +msgstr "ligne trop longue ??ignor?e\n" msgid "line shortened due to embedded Nul character\n" msgstr "ligne raccourcie ? cause de caract?re NULL inclus\n" 
@@ -7901,31 +7779,35 @@ msgid "|N|expire SSH keys after N seconds" msgstr "|N|oublier les clefs SSH apr?s N?secondes" msgid "|N|set maximum PIN cache lifetime to N seconds" -msgstr "|N|dur?e max. cache de code pers.?: N?secondes" +msgstr "|N|d?finir la dur?e maximale du cache de code personnel ? N?secondes" msgid "|N|set maximum SSH key lifetime to N seconds" -msgstr "|N|dur?e max. du cache de clef SSH?: N?secondes" +msgstr "|N|d?finir la dur?e maximale du cache de clef SSH ? N?secondes" msgid "Options enforcing a passphrase policy" -msgstr "Options d'application d'une politique de phrase de passe" +msgstr "Options d'application d'une politique de phrase secr?te" msgid "do not allow to bypass the passphrase policy" -msgstr "pas de contournement de politique de phrase de passe" +msgstr "pas de contournement de politique de phrase secr?te" msgid "|N|set minimal required length for new passphrases to N" -msgstr "|N|d?finir longueur minimale des nouvelles phrases de passe ? N" +msgstr "|N|d?finir la taille minimale des nouvelles phrases secr?tes ? N" msgid "|N|require at least N non-alpha characters for a new passphrase" -msgstr "|N|au moins N?caract?res non alphab. pour nouv. phrase de passe" +msgstr "" +"|N|n?cessiter au moins N caract?res non alphab?tiques pour les nouvelles " +"phrases secr?tes" msgid "|FILE|check new passphrases against pattern in FILE" -msgstr "|FICHIER|v?rifier nouv. 
phrase de passe par rapport motifs du FICHIER" +msgstr "" +"|FICHIER|v?rifier la nouvelle phrase secr?te par rapport aux motifs du " +"FICHIER" msgid "|N|expire the passphrase after N days" -msgstr "|N|la phrase de passe expire apr?s N?jours" +msgstr "|N|la phrase secr?te expire apr?s N?jours" msgid "do not allow the reuse of old passphrases" -msgstr "ne pas autoriser r?utilisation d'anciennes phrase de passe" +msgstr "ne pas autoriser la r?utilisation d'anciennes phrases secr?tes" msgid "|NAME|use NAME as default secret key" msgstr "|NOM|utiliser le NOM comme clef secr?te par d?faut" @@ -7946,16 +7828,16 @@ msgid "allow PKA lookups (DNS requests)" msgstr "permettre les recherches PKA (requ?tes DNS)" msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address" -msgstr "|M?CANISMES|utiliser M?CANISMES pour localiser les clefs" +msgstr "|M?CANISMES|utiliser les M?CANISMES pour localiser les clefs" msgid "disable all access to the dirmngr" msgstr "d?sactiver tous les acc?s au dirmngr" msgid "|NAME|use encoding NAME for PKCS#12 passphrases" -msgstr "|NOM|utiliser encodage NOM pour phr. passe PKCS#12" +msgstr "|NOM|utiliser l?encodage NOM pour les phrases secr?te PKCS#12" msgid "do not check CRLs for root certificates" -msgstr "ne pas v?rifier listes r?voc. de cert. racines" +msgstr "ne pas v?rifier les listes de r?vocations de certificat racine" msgid "Options controlling the format of the output" msgstr "Options contr?lant le format de sortie" @@ -7994,12 +7876,10 @@ msgid "Directory Manager" msgstr "Gestionnaire de r?pertoires" msgid "PIN and Passphrase Entry" -msgstr "Entr?e de code personnel et de phrase de passe" +msgstr "Entr?e de code personnel et de phrase secr?te" -#, fuzzy -#| msgid "Component not found" msgid "Component not suitable for launching" -msgstr "Composant introuvable" +msgstr "Composant non convenable pour le lancement" #, c-format msgid "External verification of component %s failed" 
@@ -8038,10 +7918,8 @@ msgstr "v?rifier le fichier de configuration globale" msgid "reload all or a given component" msgstr "recharger tous les composants ou celui donn?" -#, fuzzy -#| msgid "kill a given component" msgid "launch a given component" -msgstr "tuer un composant donn?" +msgstr "lancer un composant donn?" msgid "kill a given component" msgstr "tuer un composant donn?" @@ -8055,7 +7933,6 @@ msgstr "activer modif. pendant l'ex?cution si possible" msgid "Usage: @GPGCONF@ [options] (-h for help)" msgstr "Utilisation?: @GPGCONF@ [options] (-h pour l'aide)" -#, fuzzy msgid "" "Syntax: @GPGCONF@ [options]\n" "Manage configuration options for tools of the @GNUPG@ system\n" @@ -8173,7 +8050,7 @@ msgstr "?chec de select?: %s\n" #, c-format msgid "read failed: %s\n" -msgstr "?chec de read?: %s\n" +msgstr "?chec de lecture?: %s\n" #, c-format msgid "pty read failed: %s\n" 
@@ -8214,30 +8091,9 @@ msgid "" "Check a passphrase given on stdin against the patternfile\n" msgstr "" "Syntaxe?: gpg-check-pattern [options] ficmotif\n" -"V?rifier une phrase de passe donn?e sur l'entr?e standard par rapport ? " +"V?rifier une phrase secr?te donn?e sur l'entr?e standard par rapport ? " "ficmotif\n" -#, fuzzy -#~| msgid "Note: no default option file '%s'\n" -#~ msgid "NOTE: no default option file '%s'\n" -#~ msgstr "Remarque?: pas de fichier d'options par d?faut ??%s??\n" - -#, fuzzy -#~| msgid "Note: %s is not for normal use!\n" -#~ msgid "NOTE: %s is not for normal use!\n" -#~ msgstr "Remarque?: %s n'est pas pour une utilisation normale.\n" - -#, fuzzy -#~| msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n" -#~ msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n" -#~ msgstr "" -#~ "Remarque?: la cr?ation de sous-clefs pour des clefs?v3 n'est pas " -#~ "compatible\n" -#~ " avec OpenPGP\n" - -#~ msgid "note: non-critical certificate policy not allowed" -#~ msgstr "remarque?: politique de certificat non critique non autoris?e" - #~ msgid "use a standard location for the socket" #~ msgstr "utiliser un emplacement de socket standard" @@ -8249,12 +8105,13 @@ msgstr "" #~ msgid "can't connect to the agent - trying fall back\n" #~ msgstr "" -#~ "impossible de se connecter ? l'agent ? essai avec la solution de repli\n" +#~ "impossible de se connecter ? l'agent ??essai avec la solution de repli\n" + +#~ msgid "no secret subkey for public subkey %s - ignoring\n" +#~ msgstr "pas de sous-clef secr?te pour la sous-clef publique %s ??ignor?e\n" -#, fuzzy -#~| msgid " (%d) RSA\n" #~ msgid " (%d) ECC\n" -#~ msgstr " (%d) RSA\n" +#~ msgstr " (%d) ECC\n" #, fuzzy #~| msgid "can't create directory '%s': %s\n" 
@@ -8478,16 +8335,16 @@ msgstr "" #~ msgid "key %s: secret key not found: %s\n" #~ msgstr "clef %s?: clef secr?te introuvable?: %s\n" -#~ msgid "Note: a key's S/N does not match the card's one\n" +#~ msgid "NOTE: a key's S/N does not match the card's one\n" #~ msgstr "" #~ "Remarque?: le num?ro de s?rie d'une clef ne correspond pas ? celui de la " #~ "carte\n" -#~ msgid "Note: primary key is online and stored on card\n" +#~ msgid "NOTE: primary key is online and stored on card\n" #~ msgstr "" #~ "Remarque?: la clef principale est en ligne et stock?e sur la carte\n" -#~ msgid "Note: secondary key is online and stored on card\n" +#~ msgid "NOTE: secondary key is online and stored on card\n" #~ msgstr "" #~ "Remarque?: la clef secondaire est en ligne et stock?e sur la carte\n" @@ -8614,7 +8471,7 @@ msgstr "" #~ msgid "unknown protection algorithm\n" #~ msgstr "algorithme de protection inconnu\n" -#~ msgid "Note: This key is not protected!\n" +#~ msgid "NOTE: This key is not protected!\n" #~ msgstr "Remarque?: cette clef n'est pas prot?g?e.\n" #~ msgid "protection digest %d is not supported\n" @@ -9064,7 +8921,7 @@ msgstr "" #~ msgid " algorithms on these user IDs:\n" #~ msgstr " algorithmes indisponibles pour ces identit?s?:\n" -#~ msgid "Note: This feature is not available in %s\n" +#~ msgid "NOTE: This feature is not available in %s\n" #~ msgstr "Remarque?: cette fonctionnalit? n'est pas disponible dans %s\n" #~ msgid "Repeat passphrase\n" 
@@ -9106,9 +8963,6 @@ msgstr "" #~ msgid "invalid packet" #~ msgstr "paquet incorrect" -#~ msgid "invalid armor" -#~ msgstr "armure incorrecte" - #~ msgid "no such user id" #~ msgstr "cette identit? n'existe pas" ----------------------------------------------------------------------- Summary of changes: po/fr.po | 792 +++++++++++++++++++++++++------------------------------------- 1 file changed, 323 insertions(+), 469 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 3 18:17:47 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 03 Nov 2014 18:17:47 +0100 Subject: [git] gnupg-doc - branch, master, updated. da2e0aee2b18f23e154319cbfd7e8ad404cfb2ad Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via da2e0aee2b18f23e154319cbfd7e8ad404cfb2ad (commit) via d891b1a4240d4d9d57d59849fe70ba643da2bacb (commit) via 4473649cd7cd3274ae7438221b98ac5ebd111244 (commit) from 6e73ccd2155c60dee73b166c741ad8fd6f98a7b0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit da2e0aee2b18f23e154319cbfd7e8ad404cfb2ad Author: Werner Koch Date: Mon Nov 3 17:01:10 2014 +0100 web: Remove gpgtools from the frontpage. diff --git a/web/index.org b/web/index.org index b9eb450..5027f49 100644 --- a/web/index.org +++ b/web/index.org @@ -7,7 +7,6 @@ #+index: GPG #+index: PGP #+index: Gpg4win -#+index: GPGTools GnuPG is a complete and free implementation of the OpenPGP standard as defined by [[http://www.ietf.org/rfc/rfc4880.txt][RFC4880]] (also known as /PGP/). GnuPG allows to encrypt and 
@@ -30,9 +29,6 @@ Project [[http://www.gpg4win.org][Gpg4win]] provides a Windows version of GnuPG. integrated into an installer and features several frontends as well as English and German manuals. -Project [[http://gpgtools.org][GPGTools]] provides a Mac OS X version of GnuPG. It is nicely -integrated into an installer and features all required tools. - * Reconquer your privacy Even if you have nothing to hide, using encryption helps protect the commit d891b1a4240d4d9d57d59849fe70ba643da2bacb Author: Werner Koch Date: Mon Nov 3 17:01:34 2014 +0100 web: Change color of the examples. diff --git a/web/share/site.css b/web/share/site.css index 9a90447..c856a6b 100644 --- a/web/share/site.css +++ b/web/share/site.css @@ -418,7 +418,7 @@ div.outline-text-3 { pre { border: thin black solid; - background-color: #C4C4C4; + background-color: #efefef; padding: 0.5em; overflow: auto; } commit 4473649cd7cd3274ae7438221b98ac5ebd111244 Author: Werner Koch Date: Mon Nov 3 17:03:22 2014 +0100 web: Rewrite the download page and update the signature keys. diff --git a/web/download/index.org b/web/download/index.org index 09483d2..c07d7b9 100644 --- a/web/download/index.org +++ b/web/download/index.org 
@@ -1,18 +1,19 @@ #+TITLE: GnuPG - Download -#+STARTUP: showall +#+STARTUP: showall align #+SETUPFILE: "../share/setup.inc" #+macro: check_sig_note GnuPG distributions are signed. It is wise and more secure to check out for their [[integrity_check.org][@@html:@@integrity@@html:@@]]. #+macro: ftpopen @@html:FTP@@ +#+macro: ftpclose @@html:">download@@ +#+macro: ftpcloseS @@html:">sig@@ * Download +#+index: GnuPG!download - We suggest that you download the GNU Privacy Guard from a mirror - site close to you. See our [[file:mirrors.org][list of mirrors]] . To locate a /source - package/ (indicated by an `S') on a mirror, follow the link to - the *gnupg* directory; to locate a /binary package/ (indicated by a - `B') follow the link to the *binary*. + Note that you may also download the GNU Privacy Guard from a mirror + site close to you. See our [[file:mirrors.org][list of mirrors]]. The table below + provides links to the location of the files on the primary server + only. #+BEGIN_HTML
@@ -23,223 +24,91 @@
#+END_HTML - The table below provides links to the location of the files on the - primary server only. - -** GnuPG 2.0 -# <> -#+index: GnuPG!download - - GnuPG 2.0 is the new modularized version of GnuPG supporting - OpenPGP and S/MIME - - | GnuPG {{{gnupg_ver}}} full source code | {{{gnupg_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2{{{ftpclose}}} | - | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2.sig{{{ftpclose}}} | - - SHA-1 checksum for the above file: - {{{begin_chksum}}} - {{{gnupg_sha1}}} gnupg-{{{gnupg_ver}}}.tar.bz2 - {{{end_chksum}}} - - {{{check_sig_note}}} - - -** GnuPG 1.4 -# <> - - | GnuPG {{{gnupg1_ver}}} source compressed using /bzip2/ | {{{gnupg1_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2{{{ftpclose}}} | - | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | GnuPG {{{gnupg1_ver}}} source compressed using /gzip/ | {{{gnupg1_size_gz}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.gz{{{ftpclose}}} | - | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.gz.sig{{{ftpclose}}} | - | A patch file to upgrade to a {{{gnupg1_ver}}} source tree | {{{gnupg1_patch_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg1_patch_ver}}}.diff.bz2{{{ftpclose}}} | - - SHA-1 checksums for the above files: - {{{begin_chksum}}} - {{{gnupg1_sha1}}} gnupg-{{{gnupg1_ver}}}.tar.bz2 - {{{gnupg1_sha1_gz}}} gnupg-{{{gnupg1_ver}}}.tar.gz - {{{gnupg1_patch_sha1}}} gnupg-{{{gnupg1_patch_ver}}}.diff.bz2 - {{{end_chksum}}} - - Select one of them. To shorten the download time, you probably want - to get the /bzip2/ compressed file. Please try another mirror if - exceptionally your mirror is not yet up to date. 
- - {{{check_sig_note}}} - -** GnuPG Binaries -#+index: Binaries!download - - Packages for *MS-Windows* are available at [[http://gpg4win.org][Gpg4win]]. - Packages for *Mac OS X* should be available at [[http://gpgtools.org][Mac GPG]]. - - The following links direct you to external sites and those may provide - old and possible very outdated versions of GnuPG. - - - Packages for *Debian GNU/Linux* are available at the [[http://www.debian.org][Debian site]]. - - - *RPM* packages of this software should be available from [[http://rpmfind.net/][rpmfind]] - network. - - - Packages for other *POSIX-like* operating systems might be - available at [[http://gnupg.unixsecurity.com.br][Unix Security]]. - - - Sources and precompiled binaries for *RISC OS* are available at - [[http://www.sbellon.de/gnupg.html][Stefan Bellon's home page]] who ported GnuPG to this platform. - - - A port to *VMS* is maintained by Steven M. Schweda at - [[http://www.antinode.info/dec/sw/gnupg.html][antinode.info]]. - - -** Gnu Privacy Assistant -# <> -#+index: GPA!download - - [[../related_software/gpa/index.org][GPA]] is still work in progress, so don't expect that everything - works and be careful when using production quality secret keys. - - | GPA {{{gpa_ver}}} full source code | {{{gpa_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2{{{ftpclose}}} | - | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2.sig{{{ftpclose}}} | +** Source code releases + + These are the canonical release forms of GnuPG. To use them you + need to build the binary version from the provided source code. + For Unix systems this is the standard way of installing software. + For GNU/Linux distributions are commonly used (e.g. Debian, Fedora, + RedHat, or Ubuntu) which may already come with a directly + installable packages. However, these version may be older so that + building from the source is often also a good choice. 
Some + knowledge on how to compile and install software is required. + + The table lists the different GnuPG packages, followed by required + libraries, required tools, and optional software. + + | Name | Version | Size | Tarball | Signature | + |---------------+------------------------+-------------------------+----------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------| + | | | | | | + | GnuPG stable | {{{gnupg_ver}}} | {{{gnupg_size}}} | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | GnuPG modern | {{{gnupg21_ver}}} | | --- | | + | GnuPG classic | {{{gnupg1_ver}}} | {{{gnupg1_size}}} | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2.sig{{{ftpclose}}} | + |---------------+------------------------+-------------------------+----------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------| + | [[../related_software/libgpg-error/index.org][Libgpg-error]] | {{{libgpg_error_ver}}} | {{{libgpg_error_size}}} | {{{ftpopen}}}{{{ftp_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../related_software/libraries.en.html#lib-libgcrypt][Libgcrypt]] | {{{libgcrypt_ver}}} | {{{libgcrypt_size}}} | {{{ftpopen}}}{{{ftp_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../related_software/libksba/index.org][Libksba]] | 
{{{libksba_ver}}} | {{{libksba_size}}} | {{{ftpopen}}}{{{ftp_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../related_software/libassuan/index.org][Libassuan]] | {{{libassuan_ver}}} | {{{libassuan_size}}} | {{{ftpopen}}}{{{ftp_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2.sig{{{ftpclose}}} | + |---------------+------------------------+-------------------------+----------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------| + | Pinentry | {{{pinentry_ver}}} | {{{pinentry_size}}} | {{{ftpopen}}}{{{ftp_base}}}/pinentry/pinentry-{{{pinentry_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/pinentry/pinentry-{{{pinentry_ver}}}.tar.bz2.sig{{{ftpclose}}} | + |---------------+------------------------+-------------------------+----------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------| + | [[../related_software/gpgme/index.org][GPGME]] | {{{gpgme_ver}}} | {{{gpgme_size}}} | {{{ftpopen}}}{{{ftp_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../related_software/gpa/index.org][GPA]] | {{{gpa_ver}}} | {{{gpa_size}}} | {{{ftpopen}}}{{{ftp_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | Dirmngr | {{{dirmngr_ver}}} | {{{dirmngr_size}}} | {{{ftpopen}}}{{{ftp_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2{{{ftpclose}}} | 
{{{ftpopen}}}{{{ftp_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2.sig{{{ftpclose}}} | + |---------------+------------------------+-------------------------+----------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------| {{{check_sig_note}}} + Remarks: -** GnuPG Made Easy -# <> -#+index: GPGME!download - - [[../related_software/libraries.en.html#lib-GPGME][GPGME]] (GnuPG Made Easy) is a C language library that allows to add - support for cryptography to a program. It is designed to make - access to public key crypto engines like GnuPG or GpgSM easier for - applications. GPGME provides a high-level crypto API for - encryption, decryption, signing, signature verification and key - management. - - | GPGME {{{gpgme_ver}}} full source code | {{{gpgme_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2{{{ftpclose}}} | - | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2.sig{{{ftpclose}}} | + - /GnuPG stable/ (2.0) is the modularized version of GnuPG supporting + OpenPGP, S/MIME, and Secure Shell. - SHA-1 checksum for the above file: - {{{begin_chksum}}} - {{{gpgme_sha1}}} gpgme-{{{gpgme_ver}}}.tar.bz2 - {{{end_chksum}}} - - {{{check_sig_note}}} + - /GnuPG modern/ (2.1) is the brand new version with enhanced + features like support for Elliptic Curve Cryptography. It will + eventually replace the current stable (2.0) + - /GnuPG classic/ (1.4) is the old, single binary version which may + be build even on ancient Unix platforms. It has no dependencies + on the above listed libraries or the Pinnetry. However, it lacks + many modern features. -** Libgcrypt -# <> -#+index: Libgcrypt!download + - /Pinentry/ is a collection of passphrase entry dialogs which is + required for almost all usages of GnuPG stable or modern (2.x). 
- [[../related_software/libraries.en.html#lib-libgcrypt][Libgcrypt]] is GNU's basic cryptographic library. - - | Libgcrypt {{{libgcrypt_ver}}} full source code | {{{libgcrypt_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2{{{ftpclose}}} | - | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2.sig{{{ftpclose}}} | - - SHA-1 checksum for the above file: - {{{begin_chksum}}} - {{{libgcrypt_sha1}}} libgcrypt-{{{libgcrypt_ver}}}.tar.bz2 - {{{end_chksum}}} - - {{{check_sig_note}}} + - /GPGME/ is the standard library to access GnuPG functions from + programming languages. + - /GPA/ is a graphical frontend to GnuPG. -** Libksba -# <> -#+index: Libksba!download + - /Dirmngr/ is an optional tools for use with /GnuPG stable/ (2.0). + It is already included in /GnuPG modern/ (2.1) - [[../related_software/libraries.en.html#lib-libksba][Libksba]] is a CMS and X.509 access library. - | Libksba {{{libksba_ver}}} full source code | {{{libksba_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2{{{ftpclose}}} | - | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2.sig{{{ftpclose}}} | - - SHA-1 checksum for the above file: - {{{begin_chksum}}} - {{{libksba_sha1}}} libksba-{{{libksba_ver}}}.tar.bz2 - {{{end_chksum}}} - - {{{check_sig_note}}} - - -** DirMngr -# <> -#+index: Dirmngr!download - - DirMngr is a daemon to handle CRL and certificate requests for - GnuPG 2.0. It might also be installed as a system daemon for CRL - and OCSP checks. Note that GnuPG 2.1 already includes a modernized - version of dirmngr. 
- - | DirMngr {{{dirmngr_ver}}} full source code | {{{dirmngr_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2{{{ftpclose}}} | - | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2.sig{{{ftpclose}}} | - - SHA-1 checksum for the above file: - {{{begin_chksum}}} - {{{dirmngr_sha1}}} dirmngr-{{{dirmngr_ver}}}.tar.bz2 - {{{end_chksum}}} - - {{{check_sig_note}}} - - -** Libgpg-error -# <> -#+index: Libgpg-error!download - - [[../related_software/libraries.en.html#lib-libgpg-error][Libgpg-error]] is a small library with error codes and descriptions - shared by most GnuPG related software. - - | Libgpg-error {{{libgpg_error_ver}}} full source code | {{{libgpg_error_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2{{{ftpclose}}} | - | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2.sig{{{ftpclose}}} | - - SHA-1 checksum for the above file: - {{{begin_chksum}}} - {{{libgpg_error_sha1}}} libgpg-error-{{{libgpg_error_ver}}}.tar.bz2 - {{{end_chksum}}} - - {{{check_sig_note}}} - - -** Libassuan -# <> -#+index: Libassuan!download - - [[../related_software/libraries.en.html#lib-libassuan][Libassuan]] is the IPC library used by some GnuPG related software. - - | Libassuan {{{libassuan_ver}}} full source code | {{{libassuan_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2{{{ftpclose}}} | - | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2.sig{{{ftpclose}}} | - - SHA-1 checksum for the above file: - {{{begin_chksum}}} - {{{libassuan_sha1}}} libassuan-{{{libassuan_ver}}}.tar.bz2 - {{{end_chksum}}} - - {{{check_sig_note}}} - - -** Pinentry -# <> -#+index: Pinentry!download - - Pinentry is a collection of different PIN and passphrase entry - modules. 
One of these modules is required for GnuPG-2. - - | Pinnentry {{{pinentry_ver}}} full source code | {{{pinentry_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/pinentry/pinentry-{{{pinentry_ver}}}.tar.bz2{{{ftpclose}}} | - | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/pinentry/pinentry-{{{pinentry_ver}}}.tar.bz2.sig{{{ftpclose}}} | - - SHA-1 checksum for the above file: - {{{begin_chksum}}} - {{{pinentry_sha1}}} pinentry-{{{pinentry_ver}}}.tar.bz2 - {{{end_chksum}}} - - {{{check_sig_note}}} - -** Entropy Gathering Daemon -# <> -#+index: EGD!download - - The latest version of the [[../related_software/libraries.en.html#lib-EGD][Entropy Gathering Daemon]] is available at - the usual GnuPG sites: - - | EGD 0.8 source code. | 30kB | S | {{{ftpopen}}}{{{ftp_base}}}/egd/egd-0.8.tar.gz{{{ftpclose}}} | - | Signature for previous file. | | | {{{ftpopen}}}{{{ftp_base}}}/egd/egd-0.8.tar.gz.asc{{{ftpclose}}} | +** GnuPG binary releases +#+index: Binaries!download - {{{check_sig_note}}} + In general we do not distribute binary releases but leave that to + the common Linux distributions. However, for some operating + systems we list pointers to readily installable releases. We + cannot guarantee that the versions offered there are current. Note + also that some of them apply security patches on top of the + standard versions but keep the original version number. 
+ + | OS | Where | Description | + |---------+-----------------+---------------------------------------------| + | | <15> | | + | Windows | [[http://gpg4win.org/download.html][Gpg4win]] | Installers for /GnuPG stable/ | + | | --- | Simple installer for /GnuPG modern/ | + | | {{{ftpopen}}}{{{ftp_base}}}/binary/gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe{{{ftpclose}}} {{{ftpopen}}}{{{ftp_base}}}/binary/gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe.sig{{{ftpcloseS}}} | Simple installer for /GnuPG classic/ | + | OS X | [[http://gpgtools.org][Mac GPG]] | Installer from the gpgtools project | + | Debian | [[https://www.debian.org][Debian site]] | GnuPG stable and classic are part of Debian | + | RPM | [[http://rpmfind.net/][rpmfind]] | RPM packages for different OS | + | Unix | [[http://gnupg.unixsecurity.com.br][Unix Security]] | Packages for some other POSIX systems | + | VMS | [[http://www.antinode.info/dec/sw/gnupg.html][antinode.info]] | A port of GnupG to OpenVMS | + | RISC OS | [[http://www.sbellon.de/gnupg.html][home page]] | Sources and binaries for RISC OS | + |---------+-----------------+---------------------------------------------| + + +# eof # diff --git a/web/download/integrity_check.org b/web/download/integrity_check.org index fccf565..8bff4ed 100644 --- a/web/download/integrity_check.org +++ b/web/download/integrity_check.org @@ -13,7 +13,7 @@ If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the - signature of the file =gnupg-{{{gnupg_ver}}}.tar.bz2= you would use + signature of the file gnupg-{{{gnupg_ver}}}.tar.bz2 you would use this command: {{{begin_example}}} 
@@ -22,12 +22,12 @@ This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made - by that [[../signature_key.org][signing key]]. Make sure that you have the right key, either + by of the [[../signature_key.org][signing keys]]. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. - *Never use a GnuPG version you just downloaded to check the - integrity of the source* - use an existing GnuPG installation. + Never use a GnuPG version you just downloaded to check the integrity + of the source --- use an existing GnuPG installation. ** Using sha1sum 
@@ -51,24 +51,26 @@ compare the list below with the one included in the announcement mail posted to several mailing list. -** SHA-1 Sum Summary +** List of SHA-1 check-sums - For your convenience, all SHA1 sums available for software that can - be downloaded from [[ftp://ftp.gnupg.org/][our site]], have been gathered below. + For your convenience, all SHA-1 check-sums available for software + that can be downloaded from [[ftp://ftp.gnupg.org/][our site]], have been gathered below. +# {{{gnupg21_sha1}}} gnupg-{{{gnupg21_ver}}}.tar.bz2 {{{begin_chksum}}} - {{{dirmngr_sha1}}} dirmngr-{{{dirmngr_ver}}}.tar.bz2 - {{{gnupg1_patch_sha1}}} gnupg-{{{gnupg1_patch_ver}}}.diff.bz2 - {{{gnupg1_sha1_gz}}} gnupg-{{{gnupg1_ver}}}.tar.gz + {{{gnupg_sha1}}} gnupg-{{{gnupg_ver}}}.tar.bz2 {{{gnupg1_sha1}}} gnupg-{{{gnupg1_ver}}}.tar.bz2 + {{{gnupg1_sha1_gz}}} gnupg-{{{gnupg1_ver}}}.tar.gz + {{{gnupg1_patch_sha1}}} gnupg-{{{gnupg1_patch_ver}}}.diff.bz2 {{{gnupg1_w32cli_sha1}}} gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe - {{{gnupg_sha1}}} gnupg-{{{gnupg_ver}}}.tar.bz2 - {{{gpgme_sha1}}} gpgme-{{{gpgme_ver}}}.tar.bz2 - {{{libassuan_sha1}}} libassuan-{{{libassuan_ver}}}.tar.bz2 - {{{libgcrypt_sha1}}} libgcrypt-{{{libgcrypt_ver}}}.tar.bz2 {{{libgpg_error_sha1}}} libgpg-error-{{{libgpg_error_ver}}}.tar.bz2 + {{{libgcrypt_sha1}}} libgcrypt-{{{libgcrypt_ver}}}.tar.bz2 {{{libksba_sha1}}} libksba-{{{libksba_ver}}}.tar.bz2 + {{{libassuan_sha1}}} libassuan-{{{libassuan_ver}}}.tar.bz2 {{{pinentry_sha1}}} pinentry-{{{pinentry_ver}}}.tar.bz2 + {{{gpgme_sha1}}} gpgme-{{{gpgme_ver}}}.tar.bz2 + {{{gpa_sha1}}} gpa-{{{gpa_ver}}}.tar.bz2 + {{{dirmngr_sha1}}} dirmngr-{{{dirmngr_ver}}}.tar.bz2 {{{end_chksum}}} diff --git a/web/signature_key.org b/web/signature_key.org index af9cfd7..e25fbb7 100644 --- a/web/signature_key.org +++ b/web/signature_key.org 
@@ -4,425 +4,152 @@ * Signature Key -To guarantee that GnuPG versions you download has not been hacked by -some malicious person, tarballs are signed. +To guarantee that a downloaded GnuPG version has not been tampered +with by malicious entities we provide signature files for all +tarballs. Instructions on how to verify a signature can be found at +[[file:download/integrity_check.org][integrity checking page]]. -Signature key is reported below. It can also be retrieved from the key -servers or obtained from the GnuPG source tree (=doc/samplekeys.asc=). +The used signature keys are reported below. The keys are also signed +by the long term keys of the respective owner. -Instructions on how to verify the signature is available within =README= -file of GnuPG distributions. +Current releases are signed by one or more of these four keys: #+BEGIN_EXAMPLE - pub 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] - Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 - uid Werner Koch (dist sig) - sub 2048R/AC87C71A 2011-01-12 [expires: 2019-12-31] + pub 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] + Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 + uid Werner Koch (dist sig) - Releases done in the years 1996 to 2010 are signed by this key: + pub rsa2048/E0856959 2014-10-29 [expires: 2019-12-31] + Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959 + uid David Shaw (GnuPG Release Signing Key) - pub 1024R/1CE0C630 2006-01-01 [expires: 2011-06-30] - Key fingerprint = 7B96 D396 E647 1601 754B E4DB 53B6 20D0 1CE0 C630 - uid Werner Koch (dist sig) + pub rsa2048/33BD3F06 2014-10-29 [expires: 2016-10-28] + Key fingerprint = 031E C253 6E58 0D8E A286 A9F2 2071 B08A 33BD 3F06 + uid NIIBE Yutaka (GnuPG Release Key) - Releases done in the years 1998 to 2005 are signed by this key: + pub rsa2048/7EFD60D9 2014-10-19 [expires: 2020-12-31] + Key fingerprint = D238 EA65 D64C 67ED 4C30 73F2 8A86 1B1C 7EFD 60D9 + uid Werner Koch (Release 
Signing Key) +#+END_EXAMPLE + + +Releases done in the years 1996 to 2010 are signed by this key: - pub 1024D/57548DCD 1998-07-07 [expired: 2005-12-31] - Key fingerprint = 6BD9 050F D8FC 941B 4341 2DCC 68B7 AB89 5754 8DCD - uid Werner Koch (gnupg sig) +#+BEGIN_EXAMPLE + pub rsa1024/1CE0C630 2006-01-01 [expired: 2011-06-30] + Key fingerprint = 7B96 D396 E647 1601 754B E4DB 53B6 20D0 1CE0 C630 + uid [ expired] Werner Koch (dist sig) +#+END_EXAMPLE +Releases done in the years 1998 to 2005 are signed by this key: - -----BEGIN PGP PUBLIC KEY BLOCK----- - Version: GnuPG v2.0.17 (GNU/Linux) +#+BEGIN_EXAMPLE + pub dsa1024/57548DCD 1998-07-07 [expired: 2005-12-31] + Key fingerprint = 6BD9 050F D8FC 941B 4341 2DCC 68B7 AB89 5754 8DCD + uid [ expired] Werner Koch (gnupg sig) +#+END_EXAMPLE + + +Here is a public key block with all required keys: + +#+BEGIN_EXAMPLE +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 - mQGiBDWiHh4RBAD+l0rg5p9rW4M3sKvmeyzhs2mDxhRKDTVVUnTwpMIR2kIA9pT4 - 3No/coPajDvhZTaDM/vSz25IZDZWJ7gEu86RpoEdtr/eK8GuDcgsWvFs5+YpCDwW - G2dx39ME7DN+SRvEE1xUm4E9G2Nnd2UNtLgg82wgi/ZK4Ih9CYDyo0a9awCgisn3 - RvZ/MREJmQq1+SjJgDx+c2sEAOEnxGYisqIKcOTdPOTTie7o7x+nem2uac7uOW68 - N+wRWxhGPIxsOdueMIa7U94Wg/Ydn4f2WngJpBvKNaHYmW8j1Q5zvZXXpIWRXSvy - TR641BceGHNdYiR/PiDBJsGQ3ac7n7pwhV4qex3IViRDJWz5Dzr88x+Oju63KtxY - urUIBACi7d1rUlHr4ok7iBRlWHYXU2hpUIQ8C+UOE1XXT+HB7mZLSRONQnWMyXnq - bAAW+EUUX2xpb54CevAg4eOilt0es8GZMmU6c0wdUsnMWWqOKHBFFlDIvyI27aZ9 - quf0yvby63kFCanQKc0QnqGXQKzuXbFqBYW2UQrYgjXji8rd8bQnV2VybmVyIEtv - Y2ggKGdudXBnIHNpZykgPGRkOWpuQGdudS5vcmc+iGIEExECACICGwMECwcDAgMV - AgMDFgIBAh4BAheABQI/6YJpBQkMMyPLAAoJEGi3q4lXVI3Nou8AnAuw9XXJ9zYP - 7JP7ZbXUf9+00wO/AJsHB45GEJv878Q6SDZRNckFHh6SgIhGBBARAgAGBQI1oic8 - AAoJEGx+4bhiHMATftYAn1fOaKDUOt+dS38rB+CJ2Q+iElWJAKDRPpp8q5GylbM8 - DPlMpClWN3TYqYhGBBARAgAGBQI27U5sAAoJEF3iSZZbA1iiarYAn35qU3ZOlVEC - ELE/3V6q98Q30eAaAKCtO+lacH0Qq1E6v4BP/9y6MoLIhohdBBMRAgAdAwsEAwUV - AwIGAQMWAgECF4AFAj/pgnMFCQwzI8sACgkQaLeriVdUjc2CugCfZn7gqBWjafNb - 
vZOAInCQA/Rw5zYAnRkyKWw5abGYQboHiwcwuQHiKvgYiF0EExECAB0DCwQDBRUD - AgYBAxYCAQIXgAUCP+mCcwUJDDMjywAKCRBot6uJV1SNzYK6AJ9Gs4h+WWneZKYa - keAjG+DlXy+0xwCfQG8pV6E6f7XZi+f0EId+DfiNRluIYQQTEQIAIQIXgAUJDhSH - /QUCQbxoXgYLCQgHAwIDFQIDAxYCAQIeAQAKCRBot6uJV1SNzQSTAJ9Nd9d2oNLY - I6xlGbQ5SmG5jSHjHgCdFKVbI8acpQXEo7DxPDAJIux29keIRgQQEQIABgUCNuj6 - 3QAKCRAHAyqWiQTI4hKYAKDNyIrKze113YZz/ZZsdFCShO0rBQCcDFiAZxivd6I7 - ll4fWIA0ckmSmaiIRgQQEQIABgUCOcwPPAAKCRAyw1uAR7qTV/b8AJ9WUVGMiFle - V6EVCKuxKc9YnfoQ1QCgzGUqNeYfb3xgI68racTrOXJVvhuIPwMFED1dFpBsryRo - IByznhECwRQAn1Ho60oFxkas1xl+sCpZ80cukB8fAJ48MPZI3wHW7Vf9egVKS3EO - 76eEJYhGBBARAgAGBQI1pysWAAoJEAQ1xdJF3KZpeMoAmwZEvOS95jEKj/HnbFBD - Dp5C4dw0AJ4nsZgDnGDAG7FCEJI6+LoIIUit44hGBBARAgAGBQI1pytxAAoJEITk - +JQB5ZloGOgAnjVcqopXEyMYEZfF98STKmutKPiKAJ9xHmxZW3KtVSTRf/ITSNSs - /0gClIhGBBARAgAGBQI21moBAAoJEJKyepXkBBOquBcAoNljEbSHXMLH54/J4Hit - AsiI18amAKDrDLnxCzmC+8m/OTNu4mZamePP3ohGBBARAgAGBQI314yyAAoJENa2 - +kuMjp8j2KwAoK9+TObp3jf+TwnPVIfXGkmHSbcMAKDo8zs+isKynXOMF2g50STZ - waWTHYhGBBARAgAGBQI32QNDAAoJEM024CF+PI6rjjkAoKo8mBja4lOGW+miluBh - 3LiTaDNJAKDQrqc4kkfaQcVlXjDVYVael74oJohGBBARAgAGBQI4JoPuAAoJENXo - h0OUdhKzCAMAnRfk1mf0+yiUdMuSENhKMXyysZ2sAKCvMSdEEmGomWCgsQfLWMzC - LR7+5YhGBBARAgAGBQI4WM8aAAoJEHEtCxfQPYpPbZwAnRr7nX029eq1E0Pv9FwQ - rgs3Zu+nAJ4s25RKi089/avsVVqnm87egAzB2YhGBBARAgAGBQI4XUq+AAoJEEPM - 0G/dqdt2qekAoN1HvYZQ6AxvNVLx3M06s/ytk21NAKDNn0RgGyCBiyQeLuV3Gkuq - xke7kIhGBBARAgAGBQI4YMPoAAoJEHFG8OMwcClIpb0An1H9sxwJF5/2bKL0HZsL - XO43aq1sAJ9z7U0cOGYNIrRNpHlJ67ZPJX0tx4hGBBARAgAGBQI4mP1QAAoJEGXc - QrfU5YAmi8wAnihZi/5OG9CnzMx1UKdtBAvvt4t2AJ9lX+jCeoO3TF8QykdMXSFI - dDHL3ohGBBARAgAGBQI4q/0WAAoJEDW6YX9GCEVakzQAmgNaF00/D/eOgHmtLEjE - 0IH1H2yUAJ9EKs47I9s8U7IYJOGoQRy7LD1JRYhGBBARAgAGBQI4vt9pAAoJEC5A - rMtkcKsmHDkAoL3TIizomIuEKO6vwHMFcFndsaAaAKCJAkq+I2mjYimFE7ajlaL0 - jyecGohGBBARAgAGBQI483onAAoJEIQ/V9estY1PhJYAn0hEgISY812GhhZRzuE/ - sc5RWEd+AJ9SxHhtH0oJNrKcGYq8AoD9yJMGHohGBBARAgAGBQI5DSiPAAoJEFL+ - 
72cgfnGZx5UAn1UiUx9sLoaeLeMtdmztURfk1ZAJAKCJ3juG6XKBMjLl4+SmCM47 - VkM/9ohGBBARAgAGBQI5Rs0pAAoJEH/i7V71FDsqLkoAnivh01I3uQurWc5bnb7f - T1GIOmfyAJwOE/KCrJV89Rko61XC+20dlzKzGohGBBARAgAGBQI5TM2WAAoJEAJx - 6COq/B+4jTYAnjOMlKc5tuqspHgAUgAVmBda5XNGAKCIqZ3Fu33suLyRABGZ+tN3 - tJ1QZ4hGBBARAgAGBQI5Zs0MAAoJEEcWKRmClXtmuPEAoJe7siEXNYVflP+Glf71 - M2xvkSa3AKCerd0dwvhmi4Ao4ujBnuZI4YUIhIhGBBARAgAGBQI5bedgAAoJEDLG - kzuo7SAfxjMAn2I7CSRyEz8mkaD3emaM1WYxvbb5AKCFOlNjoxNmu3SSWfgrW1EE - SYPQY4hGBBARAgAGBQI5kqZcAAoJEMfg9pSiTYtOVeUAoMTgBNUjD+AYQEzIU1zY - kiW1NgZhAKDW3GzsDPqzs3nF+mkMnggYPFnEnohGBBARAgAGBQI5tN9hAAoJENGO - Dw57qpD6cEkAoLm4o/nqc2SDZ2eKr5hYDTUfWBlCAJ9g8KJvMM6+/1tEPaolM/hV - WKBx6ohGBBARAgAGBQI5ypYLAAoJEJ853fBeKcbCFbgAn3PjBy25SYCXCOWeNg+H - ebn7Pi7GAKDKtfxnXigrcdNvARmZtWHNMzvHMIhGBBARAgAGBQI5zQ+XAAoJEPd9 - ddcOjOSBz8YAn2a5jCk052U+frr+sFRQ1MqKmrxKAJ9J71OdRNZLefkD7ihJ2Ymc - o8Gsp4hGBBARAgAGBQI5zzSCAAoJEKZZdW0/TbZp0ssAn1qZ7PJCIHf6ErUG111c - 5bWjCbW3AKC/3Cf/ZNZK2mKZOmfCCRn9sBBlRYhGBBARAgAGBQI55+EEAAoJEEQ0 - VrKnu+CclHMAoNOx0T2hZqYtHoxhruXjMvAOpfHtAKCvYm+l6Yah/UuM6OrsKbXr - 7ulq9YhGBBARAgAGBQI58yQiAAoJEOY1PDi4UosBhq8AoN9OP59IYJ+NQYJmpdoy - PFgJitPfAJ4tlu7qDh0lpQUBJKIrCjG0od4yIYhGBBARAgAGBQI6A6zWAAoJEAa2 - rnqGiisg4Y0An2Y/8oNJ+Oj40zqQGYn0rCZNTbbqAKDmvIQiqEcdQn/SoIhELxW2 - YZs+WYhGBBARAgAGBQI6Gfa2AAoJEL4aU+syO97mR7kAnjSX4QP7gR6x1BYTCC89 - u2gSXAQtAJ9nReACgNU/D+TLqimlMS9TqnTyZIhGBBARAgAGBQI6QjVhAAoJEN9J - A6fJssLArhgAoMONOWaoVjK4DXsFNID5Zc/kvVevAKC3q/YHRHK92h4cWcZmaY7E - cuMP7YhGBBARAgAGBQI6c0fgAAoJEIj3xI8iNZX1HdIAnAug/Inx3NbV/a5vNgES - SQc3jWn1AJ4pu8BlA1FywwpMkIC6GXAWeHsoaohGBBARAgAGBQI6kBGJAAoJEPOk - M758VsXv+K8An0lw/DejITM3yqmem+l/5GoP3Uv0AJ9kDPVOHQq1JfJDk3WWz/jQ - vh3MdIhGBBARAgAGBQI6k/ROAAoJEGnBgyv5Otrs1aQAoNARp9b/2AqdQ0Ug0moS - RhRexiUuAJkBwZY54+uszs8Q7P+HTeSqWVi3zohGBBARAgAGBQI6ln0BAAoJEKu/ - XM0hJhuIIhgAoP6jS+IboXddicsmt6kyXhWBYDJtAKDljV7NQnqWDBmdRzYW3CYh - /hvPyIhGBBARAgAGBQI6nlT1AAoJEPqlSVpCsy/Jc7wAn12uIYBL9WfhmS2Sh0O+ - 
mIO2j580AJ9nJvBuz4q07lkgDUFVJQlruD1IfIhGBBARAgAGBQI6xKZNAAoJECAs - PjFYbhLlDsgAn0tfgJSaxWUd5s0ZGmKob7b84onEAKC15V+DRTrE1tArKxy/itSN - iMtQG4hGBBARAgAGBQI6zP4MAAoJEP2mrjmFey4hMioAn0UGCzQKKSmQqGw0B3x8 - abYWUC+aAJ9cpULGVtTlggjdM2AEDI+LaYyaeIhGBBARAgAGBQI6ziMsAAoJEOB5 - DjbKcLrc2aEAnR1WTr4J4dpFuNtvRTsEXbVcm2RlAKDoZbCBC9I+VuGCQhkK4Xe7 - 8bqNL4hGBBARAgAGBQI61vgkAAoJEJeJjZL0kb0h64gAoNU2VN5G1PryITJbB49E - xmAjcmRGAJ0crDTB0H8MiiTRPt4PaDf+sh9CnohGBBARAgAGBQI7FTOnAAoJEOTO - X3gKLDxeqsgAnjMWBiiEToG6ATHKHZhkbFh52sTdAKCi4/cu+BYrzhNL+KHZXc8F - bP49t4hGBBARAgAGBQI7GQwoAAoJEF4Gyczs+hnFZhYAoOMcc6W4Rg3pd+9eEtqx - ZHlDDIoEAJ9VG0vhxw9szHap9L0bNN3awkZanIhGBBARAgAGBQI7JUB0AAoJEB3T - gN9DaBQASVsAn28snlWv8ljqxPsS2e7xqJxzND3GAKCsObLMGdGyED2YKlu0sSa4 - E7cE+4hGBBARAgAGBQI7PonmAAoJECTQzUdmDtvZdT0AoJwx1hvhf+2pMN+e0u05 - bb0ebVfnAKDpZKStArdW8xS/idhP9R7UaHyZvYhGBBARAgAGBQI7ScU3AAoJEDec - kqFodBLoiG0AoItVFw4742i3VVL75rHpS/iRTyXXAJ46OJxgMvJ9knQ0l4so5JiB - otS/8IhGBBARAgAGBQI7Vf1SAAoJEFbTlPwk1QvEjPoAn21RJvXsS2r7ULpXtiKI - cK3/+9jYAKC3qGXWrrPZmFKAksFXo3rCyzQZYYhGBBARAgAGBQI7awLUAAoJEBd4 - 3VVgXTjQKI4AoKzDCRFCypusHv+HobIOrB7IIT8TAKDJ0Env5dzMRub+k88oAKje - 3AyYxYhGBBARAgAGBQI7b+zBAAoJEK6vjC0HwEYDSbYAnjD/E6PAovkpDzSAoTzW - gmhIqOjfAJ41Nryc49NSfzwmHjHKA02eGmjvZYhGBBARAgAGBQI7eNsgAAoJEI/A - t40JszEG65oAn3gQAikxZTrE3G4YZbyI2SfWVE9dAJ9DR1B56JLQOBjHcVub0frd - boRnFohGBBARAgAGBQI7hEQBAAoJEFwx4sMqF2LdKY4An01JbxbW3DrWPwxoLaNc - K8u8rgnGAKCEF+4ICy2QiFUTOjXVeevFwKaKHohGBBARAgAGBQI7kOZuAAoJEFwI - fke31CB7qREAoJ8lDAoLcN7vtSgtx8BfwRMW2Q0qAJ9Ru/GtQglsVha+XrgC1Vzd - B4zqT4hGBBARAgAGBQI7sbiiAAoJELBm2s/e4NveRe0An15yU2qDEyVxOCkaof5A - J74yKDTQAJ9ZyEiwLE1gQKuabrs/bUL3yvDWP4hGBBARAgAGBQI7v1c6AAoJED/O - KBDjNrEGu8wAn323cSQPxAIku2BOJ6Ai/T6EWuaqAJ4xOQHIAR2RQNZY9N2cHXIS - Ehu+oIhGBBARAgAGBQI7zECMAAoJEL6VZu5GV3J0pmsAoJjHoGQYZnqA2nkkD82K - lFm8ypDtAJ4jDyaF0RmkcfcmpjOA9LOg8rp8D4hGBBARAgAGBQI73t7LAAoJEIeo - vXamM4UazXQAnjd2m9MQaZ8q7mVBxEpup10sFMZwAJwIJvIeB+kUppNTea6ijo0w - 
pCuF8YhGBBARAgAGBQI7430SAAoJEB/tJKqSZfr7xIIAmQHbJSna96OkNqDCdSQl - gm0TAoPUAKCByEtRAOO+3GtDu2byKOXqqQQf9IhGBBARAgAGBQI78y1IAAoJEPFm - QMK+QtymtcIAn2rhARKRI+Ilaf+8NmfX64/NsFw+AJ9LFE0WZD7BSPmErPYKtH3q - 4nB304hGBBARAgAGBQI7/a2UAAoJEDdpZyTeGKgb45EAn3Ttnv2G66peIp6Qd0LK - 9HyHMG52AKDCEdDCDgpOp9xE9y3Qfy3XaeK2johGBBARAgAGBQI8OvrmAAoJEH0J - HgBCHFE0amsAnjzZ1rzTcQr1X5FVcQjlkqja3y0LAKDRr652u3GCVSTU4TFj6//+ - yKrSSYhGBBARAgAGBQI8WSziAAoJEJgXkxOJvYru6ZcAn2aTbYiVEFX814lG6qaS - K8LanQOjAKDiEB6Q6EF5ZwG9NqIKt9CxWCYzY4hGBBARAgAGBQI8XB4lAAoJEC27 - dr+t1Mkzbv0AoLd0yc8rHrSTfzvXAMtQyAKh4HuMAJwPgqYNdOXUM3hkTHipMN72 - v2MXcohGBBARAgAGBQI8fAA1AAoJEPJk0qCezPAhoGMAoNE5kpHw0fI7yu7py5vD - +O1nYLdSAJ49Nt+hkrRCdJeiwTRhw3S434jADIhGBBARAgAGBQI8iA8eAAoJEKO8 - fk+VSKRRLTIAn0wHfcDCzH7lVwvdck1DE99ZKp3UAJ93Rnr7Ut8FiWOsgaSjEYOM - /Wn2bohGBBARAgAGBQI8pwmAAAoJEGFhpSo9Vtc9TFMAninforCqZtGuJ1zaipXc - 9sIicMIjAJ9bsGgNfFpkIaOkhwoYcZ+m0kZkLohGBBARAgAGBQI8xSCzAAoJEOnW - IbyLxfYrs9IAoOYpFNtlaOU4mzgA9q64FU+aRCejAJ9LpWSYdz9FQStASLILJYYH - 0cj8vohGBBARAgAGBQI8yc+PAAoJEKmGnWIe6RjWJ0QAoJ2nEZs/HYmJ9FF1jn+l - phCnWZOaAKC2cRtAnlpSmgj2fWWtzBPAjMRulIhGBBARAgAGBQI80OgmAAoJEDFc - jj1lbLW1N0sAmgIlqOJ3G3EE9CPIJ60xVH5+//Z9AJ9Ou9+9E+Fze6zMB7Vn7j/L - AzsfwIhGBBARAgAGBQI84DImAAoJEEPaqJTf81JOjJkAnjo8IJSyn1RDc0C/SByu - ZlqSRjjRAJwKxnmGh3EMe1ZVtO3ZGe50S7Tda4hGBBARAgAGBQI84PTyAAoJELoW - FZDMNQMyLZ0AoOAdy099LVvSlHyVqjtRc3RctixdAKDyxlwDweoBvGYQpsT6iqb7 - xPpkcIhGBBARAgAGBQI86d10AAoJEGsY5C12UxliJoEAoKgP1pbGf7WFJR8q3Nyk - HoMYoirnAJ4k4kusg6EL9nt/WBcKmzWDO2sEs4hGBBARAgAGBQI88QRCAAoJEPsP - OnXTORgQ0a8AnRcSVlV84X56jTnSftapXggAxG/yAKCbIogHWD0SrzV0DXgjo+AE - IuYXCohGBBARAgAGBQI88l+3AAoJEE6prRadbVuu/aUAnivV8DalPGw3QcuFmpBK - wSwEMCY7AJ96Mb0eJVCmj/+nbtDIhXj9ihCCAohGBBARAgAGBQI89JjcAAoJENOh - xR3NTfIFU0QAnj0YNNd5gZNHfNmIb1jai+5dgSX2AJ9bovKcoZIZxeOoFPpmlF66 - WIozL4hGBBARAgAGBQI89QC/AAoJEE6prRadbVuuw40An1sLHPZXu05p4/wqDnqN - bECMZ9QgAJsFRiiz9IbLbtJ6JolVDGHpvLrrN4hGBBARAgAGBQI89QDzAAoJEBnb - 
ZojaeNCo04YAoILQe2cG58KsPTSyIkKTg+mwkQouAJ0eCgjvNWrhPHiSRnegEsbF - o4zsK4hGBBARAgAGBQI9H2xgAAoJEGHsr3XM5FOYekcAoMY+mIbdRh9YTGKrskfW - QQCQ87bxAJ0ZZTr2iwukIOXW8ryk4zlD72ZWi4hGBBARAgAGBQI9bjqiAAoJEHLT - tWP+y1FLj0kAnjGZGzl4VHxvUa+c4gD/GMrw6wgEAJ45Gy0INAp+Rh6NJbNECzjH - OFjstIhGBBARAgAGBQI9cUfYAAoJEFwRFAeEa7Skd/AAniL6ZGAUqQGs8siu2ia0 - SnVoLBQyAJ9DrvhmP3aaZf+/GwR8Gx+Lt7uwTYhGBBARAgAGBQI9eF2CAAoJEG9K - 95D+u1J7GAkAoIVs4Kxb0R7luN6Pi+WhXNfii4QbAJ0UZLJ/ySM8ZbHnGTUNIooe - ecnLjIhGBBARAgAGBQI9h9ZMAAoJEMR6qYKMZW0ODu4AoMMA74PG6QjDICxdsLWe - hhuJf3VzAJ9aHtt/ld1W/DTWSjdvH6AP9g6ZeIhGBBARAgAGBQI9k3U6AAoJENBl - k7NU+gyIiCcAnj46+kM9W4dDxs0dqNGCOXfzfXUjAJ9DWG0bLQ/tixVsWApUHTd+ - ffQM2IhGBBARAgAGBQI9p/iCAAoJECxm82ySywptILkAnikhz+yOxNJMNnj/aB9C - h4i0fQmUAKCHRje8FE5DZSPWf+OwYcixOm+TxIhGBBARAgAGBQI9rwp0AAoJEDxV - WkwvmGAIsxsAoJgH82l8l5GRGwXBl26AHj8ZA6zaAJ9bKL45L0jyrSRF1V5FPLxY - twXDe4hGBBARAgAGBQI9tsipAAoJEIIYfzQ7kw7P9UAAoJ4URNsGaPSQkTSKLO9E - rSPkRdHXAKCynlouXdSQ70FBn4j6mG5I40cnGIhGBBARAgAGBQI93wWnAAoJEE1r - ZOIZBCWd+yoAn0IBXJN0bR73EG7dtOPB4Vf+MIqjAKDky8A5HD2DHDrED/bCDDBG - JeS134hGBBARAgAGBQI98WVmAAoJEP4Xknlj8hRJ51kAnijQacczGC7jafSF5un6 - nRG65a7kAJ41Z8eK4JMaTNVLkkM3n1e7hh7RAohGBBARAgAGBQI+n5+UAAoJEO5p - t4fBbO/YeOIAoJA3UYEf9kntgTFeNY8pOAnCY4ouAKDjI2BHDR3zlcNPNcaczJO1 - Uvxd64hGBBARAgAGBQI+n5/CAAoJEDBJWXZ7Y/q9XWYAniEPJv06FUNu2iZr2eON - fn137TmAAKDQoEEKk4kZ8bYxI6HmRRbBU7hQTYhGBBARAgAGBQI+thg2AAoJEB4q - exxFM9Jns00AoIJMwTx+2aRpo3WNCdulrRUzx/ZwAJ4waxt3zbR0M15kEF8mlB0h - 198mOYhGBDARAgAGBQI4no7wAAoJECShvswraT6/w8oAn0XLPn0F4s9wQ4pGXNPC - m7MJ6E5zAJ9CbanRlaKAXoD1LP5bmADGkRBqfYhGBDARAgAGBQI+1KueAAoJEK4I - uPUH3Hp+6ngAnRTP6a9ztIe15H5seESNWjlpGzBcAJ96No/FG7JY9qHg2WoJs/F4 - /KKlH4hKBBARAgAKBQI7heRSAwUBeAAKCRCNvZIahzuneBt2AKDtP0g+JAHXbWpf - HSl8MD1TnCKKYACeL5DRtpWgKqbDYn5FvT4hWvNfIh+ITAQQEQIADAUCOiGBggUD - A+3ogAAKCRAySnMapnzv/Wl4AKDrpmoVRbgU7mbL+ZmtsRt3VT2XMwCgtb4hCIQG - pLYRG/j4tEkcniu3KqmITAQQEQIADAUCO96rcgUDAFMOgAAKCRDjPKcIjmJ+pPM4 - 
AKD2l/j2XkSV7If4J7Vr2qK2GNPw9ACgxY7FrKEHy8t8/dBJK+NBhV7n2SCITAQQ - EQIADAUCPY6TfwWDAICXJwAKCRAAUOX6oWT9DUZMAJ0ZTxGE8x1MAEZBxwWqJqrs - SFsyRwCeOiIx4wCHuLhprrpCHfcKUz5AEn6ITAQQEQIADAUCPbnlVQWDAFVFUQAK - CRAZUZWL/wBnRwQSAKCAzuiSsLqv5wz/DzCpE75zZOUAdQCdHKtHbuDS1KUv2LGh - mUxoAHlfzNOITAQQEQIADAUCPlvZdQWDAZW4NAAKCRDaU4KRKI89jrDlAJ4/d8HB - RrGOeKp0WZe2SV3QtlB4QQCgnHAcC5ZZBgP7kUKPmMFWj6Et1waITAQQEQIADAUC - PpHkAgWDAV+tpwAKCRDKVrvTQrehyqKmAJ9ZVoLBRYdx0k6qmvdNLPcfjCoflwCc - DnAP7Iv3E1ZvDYjTMv8TzbprCQSITAQQEQIADAUCPtSrKgUDAeKFAAAKCRCuCLj1 - B9x6fncZAJ0YvhJJEXXd7InRv7zmbQJDNYXt9wCgwVs69iDWOZd7w+HCx1ATOxe7 - 5BCITAQREQIADAUCPhC4NwWDAeDZcgAKCRByG62+aRFQJHOfAKCdS0+8OHL25Q3F - fVubvmgWNWFjIwCg317DNzRpf4Q9+47MI5G2dqXpTeaITAQSEQIADAUCPXN9XgWD - AJutSAAKCRBNj+1jRDFgA2QCAJ47vI/6RoVP8Ft1FBEg9BoufYjTHACgq2xCtE+t - 517ScNWOaLEuLTFrG1OITAQSEQIADAUCPcHdAAWDAE1NpgAKCRD7uVmij+pODRne - AJsFZABV8zGyfY2tqiF7hFvNqJSDawCfXd0TaLK3f6w1ZLSUXubjqv+4FfyITAQS - EQIADAUCPiXheAWDAcuwMQAKCRDk5U0RmgzamXdiAJ9FrLzU1iosekYj4lhyD4aG - yujd3wCeNzhz44vmT5Bf8ZH9C5NSuJfOcc2ITAQSEQIADAUCPiXi6QWDAcuuwAAK - CRCTzKj2+Q404rd7AJ9Ga2K/WEXdoQVGCRi8UvaTJPLQfwCdFvcVVpXBmkByTUuU - F2mKSOTzdbmITAQSEQIADAUCP2mklAWDAIftFQAKCRD9EXAI2MiHX1NTAJ9FwxVt - 4ni2lZy4X1tslTEdP/JMWgCff7VETWUoJ21ehXIyecEJ+hIQTLWITAQTEQIADAUC - PaGNQQWDAG2dZQAKCRCL2C5vMLlLXPckAJ4vTZrQma+f2OEkDj1l2RrkfHc6IACg - hd0OG8Kz31yfPwtRDg//FC/3XXSITAQTEQIADAUCPb6/NAWDAFBrcgAKCRAJHm/E - FCxT9N4hAJ9w972dsHdayzDxXM2PgSiuLibQ2QCeKp/SJztgiHxIb5fLWBfkJW5Y - GqGITAQTEQIADAUCPdEXBAWDAD4TogAKCRBFaHG18acrUoTiAJ9O2kYrMui5yUwd - AS942rjUN3UScgCfeE3ZFp8sMlAPm56JKeXYy8+1tfCITAQTEQIADAUCPdpsbwWD - ADS+NwAKCRD7jyVk9dpr49bLAKDo1adhDf4/NoSC8vdnniAV9ZvpZwCgh9pv0BD7 - gObIIocl1WS2dEiHKIOJAHUDBTA4ny05OyKrYzxvKPEBAYDhAwCRGhZyddRiZTKU - iJMU+JFNQ6VyRnPsOb4V/MY6o05ZGwktQHq8jNhRs/8Dyg4x7Rve2G6bZnooK8eW - WfTv8KferE2KSoipPd2EcszzrSeBoWoTEePCwbumJx6aSZ8QsoOI3gQQFAMABgUC - PnNvCAAKCRD/YM2ca4P1c1V3Av9ahxx12+OfQS3/1LcSvkbw7m8VF1z4/L1SxJNd - 
xIUeKSdJabPMokhfrIbdTpGKS2HxL8P0OxY4EcyfI1P2nYEM5mCOTIUTkIRXOJFL - r7uqH2fwt1H+XzDnqb8zK/vjDFkDAKveP0k1IUTXXsCZb98qKJWWQiTSwOuVPaTK - go0YD0Of40nHTudnGYtckRFHvHw9ZWxxjazy7MOJwKwUum3NK5j+QIm071E1+yeU - De3Pl4m6VrYyG4EB/Cn+rZYFcqLFR4kBFQMFEDbWahiOXwMHK6ndaQEBnS0H/2/m - Q4p2HuvANo8cUvG8bt+WwPxc68wz8sfS4DGyZR5tdjAhFYPOJmoOYUemfNO3kszu - fJo8mOCB9IKaUsq3HlmAiBcz0PtavA9GBxeDdIdu4ptdN6JJBE/yCgx4AOVAV36x - fyXjSbAoX2SVBdHv/TYJP4szkD8qdcziapDVyMUuILCHHYb5GzHg8QNMOgEvdbow - T+nEjOfQ0m6Gn2gNW8q5aYq3Ao9ZIdGPwJHno4HF5kb6w8rdTJIz9kR0QvSIRm+B - hHCl/+3y+dLz8uL8zql6boWfAtqVDC/+8wUVC8GIcmpEnVXGx0dUMxtqnUs7sDZA - aCE+R4OcA3iPIKypdW2JARUDBRA32QNkTcMRMTj+5sMBAcoRB/9s20z4l7mn39Nl - 4+0KkiMI6NDuO7IMTR27lDCQe6bw9KvIP0/o19LsegotepuNmjlI6dueBt90Teu/ - QXY4hxuOwzq4nE73S6vblraoPoq0KLCXp/ntKSLBU35o9cwNRvK62wA6lQhM+EqY - mwywecFw4VXamkd7ALXiAGbYtcaE4hXNdiq2q5C5/gWllLbwW4vd27A/skkxP5CH - nghi1vSBB6JPHYndUDFlzTNlbs0nSkqMWoriTpLmdgLotBwHRMnGOX4TqiKOAf67 - cRqXQVwQQsTYvlUWqtAlp9dwYiCNgbzTpgp/O/UfPajMbo9dF90Z0UCB4I+JoP1+ - 854uvOBTiQFfAwUQNaIeQwNvEbj/PqoLEANjMgUdHoj1KL2DM9A1FwWzbOetOnml - XkyTp/VqpGBnEvcTipRnfF49CHACjd9LLeQLAuYUaq/Nq61IwefwrlXW75PkJIeo - sVgqqPkUa24H/HCgoNcfpQ4/T6Xkg/wfVFOOZ7cWGpqF5z7M8bc1Pnu9zZG7a3o+ - a4DCvLYEy5IUwGzvDNeTILcNsjngxX4go+Mcw5GK8ry4jyOadr2F01XIGJ8KTUZz - GQcFIIW9TzEl4+wD9D//MJ6W+uesiIx9jgJBOYrOR70xLNsBlAhF12CsYCyJfW0T - xndgx3yUOm66MctUR1Zmjqzng4m7Kceu0UU5t1qm7S4itP50RdIBIxRsS40Isvdo - KesS0YkLDEHZM9C8IK9HYErOiXowZbED6eZ115CJvav4Zegpct2cdymwCMDuWReT - cgXInswsUrq4OuMZsYmzYUpJ25SNL8hviQGcBBABAwAGBQI+pMTzAAoJECvQVSqb - AePAAS8L+gNgrZp/r7mrZd6bUAsSpCL5FyfYhrQ9ZW7YjN+b8JKRsD7TRbxx6u19 - Ho3A0uSzXUfYeq2nj6rCG9UiI0r6fHRGrIonngq6TtjN+fhn3meGufDgbcweOsZW - pyKcDB2oPiZdYBeMJMW/I8/yRoqOfQ/YiKDmFl1hUmSVAMuzzsXxmOaI0zbmph7+ - sSNhTm/bI+98YdRdppkWvT/m5sTtvBHOsG6n7HYT8d88bsZsPjWPqMTSKym4OW63 - pK+jV6tooQKGZ2CsPrTMG5jlNoH2YD7G+V/caMeoZiYimKvwTng9YtmbyCSOGxAq - HhEjXGjxrRJW4TWcVjjgfHq6AuL7/019hNkrnHVoGmb4C9MZFuimszCC1k27yKzV - 
NczOUDm/aAiZU5u19ZXShEgYfo+QgLdChUitzBfYS3GWmoG0YWjB8wFrJW0sBZHM - efJ+j7aAcIxHd2/GqE/PaHDRysTdvtKzqEJQSs93o+/NbVFMEAEupcPjoIZJJlHe - appx8Yehi4kCIgQQAQIADAUCPfGs5gUDAgIpAAAKCRDnOTJpHFO3NcpTD/96V7Vd - NkUzrYz6N2ScclZ5euCb891NGgqBwE2R0/lj2MQIoWIjZ6DxgFu+kRfxOfPQkanG - FR905abzQTbsK3KFJ3LIjrtl+MYpJ0tlHFcQXU2TBPPbN4aksfmldTvSmF8e3WMe - OREDpYGcBetIJ0l/wB+sgD/j5KbLR0IRL9ZYV0g8p4/iCzEAY/EJEs6L4dv5xMIw - w3bIOIgkuawm0dTNebOVSIqkzEd1H19NFUIgB4tzoZm8DIFSHpMQ6SkJaWMOLSw6 - v/zJzPhEaRWIn6vbfPBl68FNy2WVosYZ0Cw8Gg0T1W4n2zpY6vkujTm7AlbQknm6 - qGcVdqfJ2Xf3p2Mvf/pQVO/sHDFusydvnGthvA9Qu1BNIDAl3GtMptTSOh+dOzJV - pCTGMQuk3Ugn51RICishdrj0uMFovHKc8zEbbfOqbWBw4M3iNDDZsWgzPUdy3YUT - 7O1v7onHMzeXIj76esPvnuz68Jm/86dNwy7j0n1n2FuUbuS7ySPJcXuCXhrmnLZU - KyS3gOtZNS/lRNg+NUkrPOfT3Kk6Z8Y4IqVmMSs7navvCyvRH5SKV5qLiZjxD0Hx - m4RWZArBx/8q+UDzeblMnZp8US1NzoaZ4T0TrB9eZqj8Z6qY5Dve0ZqXZ3YZcydk - 3d54LbLiIuYcU8E7lf0ZEPbGdCcP9R+AdHUfxYhiBBMRAgAiBQI+ByOpAhsDBQkK - T3OLBAsHAwIDFQIDAxYCAQIeAQIXgAAKCRBot6uJV1SNzYxsAJ4rb1r863a43/mP - DDcPiR+8yg4lSACgiCcqI1R3pYnImfAzFNg8XdC2mWCYjgRDt/rHAQQA0JkZeitc - yQMqk2xGd/5mGoc4+YNwQo8OSmVwIvY8UAI3tBorhF6ha9niaqZU4vdldTnXMU0j - 1oPckAhOgRPaOvaEZhYUTF0F/15piAF5dkZQ6dsmXVUkPNYMZTpkc2nA+IACBiOm - ygGBkLFuXvHRW1i6SNz28iRH/UZcYLi/2iEAIIFWUJm0Jldlcm5lciBLb2NoIChk - aXN0IHNpZykgPGRkOWpuQGdudS5vcmc+iLwEEwECACYFAkO3+sgCGwMFCQWjmoAG - CwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRBTtiDQHODGMHmjBACHQw7SS5DuEzoA - qPxgrhtEZqkcGZ4ieJp6v1jq/BeASt8NRyLsFRBPFegUVOAocfMHPf1vN5K3JCBO - bmmUZo4QlwlrIivTsNp4G1wL90yhVQmzDJsowW0/t9TPTk9EqMKG/GtbOF79ifoE - CY8X7pjFCjZb3yvOrRMdLnAomNeYfIhGBBARAgAGBQJDuBFDAAoJEF3iSZZbA1ii - keYAn3YojYxnY/f5jGq4lOHJ7kpmj0CJAJ4/s1vX/WdjNCtq/oJXRAthMNsk5Yi8 - BBMBAgAmAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AFAk0tjLcFCQpUTmEACgkQ - U7Yg0BzgxjDweAP9FNQyUfS25FrgbPCqOiiaCizFSOomDSQYQLZt3cVnlMQNenmA - 1lv2/S5OSp47UlrhjnqmuzArF55Mh5DvPChPSHDN5hZ4XxTdqmoHf50XIZfTD7HT - oH/7oO4+9gJb9lfLNvEddB0438Mknv6Jl1sCt6p/KLujeyA/hMAle4tntruIRQQS - 
EQIABgUCSbck/AAKCRB6g68zSpHCI7xEAJd68iLV4rDbwr0chJq+lySiY6nDAJ4v - 4mEy03yfuszGh7qUpD+7WRVh6YhGBBARAgAGBQJEEKI8AAoJEOrUtZD2iZvAcC0A - nR48vuK105OUB/gljGVRWOwKKDDxAJ4lFTTZucNu9zDFI9QLLFAF5XRsr4hGBBAR - AgAGBQJEGaT+AAoJENy+GP+gNVO89E0An14m/XCFrqbUabJ/gtDJu8KsZpgaAJ0d - b8RXlb1kB4ElbOwDCdStZ5J6kIhGBBARAgAGBQJEMRhDAAoJEPp0OhEyNeweuR0A - nAkrWld9wA/ornprKNsvEDU98F6AAJ98eu1rKJicBf8D/VXfXwVM4ejINohGBBAR - AgAGBQJEXAlfAAoJEIvYLm8wuUtcDxIAn3U5i6FhiXf+pZYJD8lJUpf70fVvAJ9A - EjuX11LMdK2RM4CxCGwDFCMsmYhGBBARAgAGBQJEtdrdAAoJEN02qG8eES5CrGsA - n2NhSBWOKu83V/5LlgGPgY6WNFzoAJ9neioWg6833jJJQRT9x8SodZGDSYhGBBAR - AgAGBQJE2X9FAAoJEPND4G7iyk1N5GwAn2b994OPe/zIQ8cLQbrO+pPPQwxOAJ9G - n8oj2AYA3WNcQXBrtXChD+vZqohGBBARAgAGBQJE5IT9AAoJEHoukft4hdr8VucA - n0lJESihyGWpXXXEQt13Yt7yYtPkAJ9pbWxehQOfiKiz7ZjUAPsdNW2rnohGBBAR - AgAGBQJFYsVaAAoJEGoH/3a3ETQqbOsAn04S64jLlb6c/OorO8TOBIhhJhwyAJsE - b9J9pppvckGGqqjN9oX/kwlx4YhGBBARAgAGBQJGC/OtAAoJEEHjLoH+PeyjXs8A - n1+Tpm7p7875jYBg+euVl8jXGoWPAKCFfZFv5XvROY+3AU5QRJz1Mri6O4hGBBAR - AgAGBQJGLCLHAAoJEDh20JkvJmXHHrYAn0WdONAvJ33Vgah2tun0EYInndl4AJ97 - Smy5BOYw6fa4Iaiio1uMf/y7pohGBBARAgAGBQJGR4/QAAoJEHPedZ04FvgejGsA - njxdist7NM0yvl34ODmFOZnb1JNIAJ0SLeAVvSjC/1Hg3YjfhhAO6YFTBYhGBBAR - AgAGBQJGY7zgAAoJENvFfNTA3tE+Qz0AnRk2uQXo/haP+lqqj1UwX/Nq+QmnAJ4l - MbMXNAmAeOb7DonUKG3iJdvX74hGBBARAgAGBQJGxxVzAAoJEMGwkYNMNfLxOgkA - n028vHcViImyBNrQV6Lr3saZVpjWAKC+DKL+Odj9L7vYdRCQY451xr3XBohGBBAR - AgAGBQJG2etnAAoJEER/ubp4xB4W/UAAoMjNt1n+YeyFhU7SaPKoImoaww9zAKCS - yg8Q/cB3NaCTtBjq4wBblCfyIYhGBBARAgAGBQJHOPrjAAoJENN5RIu0G9UYdQIA - oMLmfR0YLdnMMBsytZDOe8VLPq0OAJ0baIPok8oocBF21YQQ8rQW2q4Lx4hGBBAR - AgAGBQJHa/uEAAoJEPMtmeh4XZf/DJcAnRfuW7vdokyFZB+nhwzrogmTs128AKCV - ZEqkkTzAvNyBWs3UJDJqUK9J4IhGBBARAgAGBQJHyuhpAAoJEC+V5jcsCHwE6zAA - oLpvjpJ+rSbFL9WBBj1BxpE8PTG8AJwKeejDAhB2mF09t7xl9l9XWmi0SIhGBBAR - AgAGBQJIiJr+AAoJEK4ssXKaMdD8wesAoITzObAud95RT1iNZWLYs770NoPaAJ4q - KZ7c7xYgYZWgW37tRcuAQCbbPohGBBARAgAGBQJJfD8aAAoJELRKND+o8jtmELoA - 
n0DlIk3p0MmvaIpc1td4kF1sR2iBAJ4yNeitHdiZqza2D4ofU2iKdpkpD4hGBBAR - AgAGBQJJ29KFAAoJEHpypWRbAALMC3MAoIVYRfr4iEbUUlrFlk0vfj/68XqEAJ45 - XKKQScBkUVlMJFXmFqQDwBw+MohGBBARAgAGBQJLFlXeAAoJEKvqaIabeVg7g5oA - oK5NVBbYglaAvS5tGD+8Z1pVTyiIAJ9j4M8IhJO1BXpv/LJAjRVOnBphNYhGBBAR - AgAGBQJLFpRrAAoJEJ5qTepyp8YIh7wAoJFnxenv1Uh1bkbgFgtIFA03qFagAJ4g - hqPcEKRixnUVKEymhc997ie89IhGBBIRAgAGBQJEbLVvAAoJEHLf4d6IeHGY9b8A - n3znJne6eSRQNb7SqMiSo1IAhTKAAKC3K/XvWIbliV9VkLxoKRMUPYBd4IhGBBIR - AgAGBQJEnt1gAAoJEN2HT5zCsdXjEA8AoIAY+tW7eYMsv+ZbK849mS5BlSuaAKCp - qtbbGoUi3YsqG6FoQqTjSA0hrYhGBBIRAgAGBQJKHn/QAAoJEEVlvxDJOREPbCUA - oJUCHfSsOdcV9BB1Zx/lL8FRw/4qAJ47OdWpJh76UAW5ZDlZOfCxYiFzDohGBBMR - AgAGBQJHfTl8AAoJEPbbjicERYS1jXQAmgOdd34SpnEyr3OPZ+FFqKvkYAePAJsF - QlldKLe6BewWPGAUHftHxFNgGohGBBMRAgAGBQJLEcUmAAoJEKvqaIabeVg7O0oA - nA9TnICzrJrYis3NLKpG6X1BSsWTAJ0boP7V4z1wsQq3/F7rI3evdG3swohKBBAR - AgAKBQJIIvEmAwUBPAAKCRCEaROH9mEvTsbgAKCQQ8RE/XyO04KTqatHLQWY7q1a - uQCfZ8bel9qoAUytMddC0gkL6RMphaKITAQQEQIADAUCRBdRSQWDBURD/gAKCRBp - CnQ6XgPXFtw1AKCuaU6wFrCRBSaRNPhxECSbzB7laACggaDhWabhi/lY1nwiuerM - K0oeTTSITAQQEQIADAUCRpIwLAWDAsllGwAKCRCsiUn+i1aPamfWAKCuICjDGwQP - Eg01nUmcBJEId9KFDACgjlP9jCriwgkDyimOSSsUJO2GfIiITAQQEQIADAUCRpQV - aAWDAsd/3wAKCRDNoCSovv1covz0AJkBXVQ4MO0miIt3THZrVo0Em/nWJwCdGbHq - eo99qbMKAbFogLrnYE31EDaIcgQwEQIAMgUCROsRFCsdAFNpZ25lZCBrZXkgd2l0 - aG91dCBpbi1wZXJzb24gdmVyaWZpY2F0aW9uAAoJEHoukft4hdr87ksAn1gSW+at - u5/MyQO9t4sPLsqFAshPAJ97JjH8nyxc5xy0b4hD+c2d2dNwy4i8BBMBAgAmAhsD - BgsJCAcDAgQVAggDBBYCAwECHgECF4AFAklnOV8FCQeFMi0ACgkQU7Yg0BzgxjDr - pAQApSWcftx5Qbf/yPzf/0FE43Qvsl84XA/H1SRyDF+JQSk3l0Om77QGQvNf8XYU - G3u+p5FvDFQEkjOcYcRn4xJUygfnqACd6lyYNU5pvnngsCmCLogwvPSeLPUBKtap - k6jDtAXpaCfllW5D8HOUfrE+bLAS1Dvfy6A6Hkhofe2z8zmJARwEEAECAAYFAkSF - /hUACgkQJklzsP0Eoya7PQgAiaW0PO4syCYLMOv6z+ou6Zmt9XYw+okm4zr4Lc7x - zcNY+qpwjwZ2lcoIXEGVOI6buFcQOU+qYmQ5JFbH8jtBaBY76aUCPQQmKJzGIyJV - iy9K310Q9b39rjCm+YLWbNG1qbqX4aJSCJLCF5C6G9IzQRGhtEWMJ3nr3nsRXkyp - 
NNg40tt9f87wjQo0yd4hQ5VRFPMEH7THCTW+iFH9b9//ZkK7Cdx6poCfWmZE8AYY - hbVOv1czF8JsRfnt1mS1YSEx95PhmV40nBqK6lzfH5hUVSVs8uaGiXkvvRMAPJJQ - eZ/LAmoa0VjV3dGLIXSnmpGmivm3al+UFsak7kmBr+vSD4kBHAQQAQIABgUCSFT7 - LQAKCRAi/Cu2xWn//mt6CACpEPXUi6ylZNt70Xe8nN0/aHFtAP6Y8Hcd9hWiFThr - 2xW2jI1Slrc0TMgt93RdVtyVMM3kj9C0zjMo7UaJhRTAz0myFDnApTuQS/XFTJUP - M4rdiUx6zwq20Xlm+06093JBdcPp6N7mjstspJVwchdTqf1Ny7m4loC+rro152n7 - ACycLUDnC6cD/od2qBGYaiB25Sylz/8k80SZ/9Y9sBqMqi//BGId+HnhPrYc9ny8 - S4b2K/UguASOGxrrK148TpwqVpKDvzPaKobHnE7BGhU3LDtYt1U1U1qyfVWktuq6 - 6pnzuSq4bSc0oqPhWEOd/NMNDMXiwLmHeonJARoEfgKKiQEcBBIBAgAGBQJIYSe6 - AAoJEIISGkVDGUEO7u4H/25Gp9ysKV3Ub2/JocPgydmD+AVD0YGHwGoLqz6tc1Mb - 6QNB7ovyihL+D3drhz0XOhWeosZUIY8qftEfeo16nzxqIgSpTJYI+kRosRm+9xc+ - V+M9JAcALWHl/aymyF/KoiNQvJwlwnLJixs+f0p5ZaCBEbSGEI1G2lq6omJYNYrr - V9KhLx0LUdUCsemcV+vMR+lGoXeBdZRRCAIZuu0EAB+7vdxcEcDSMOYzdnUtHWl0 - mkgfG4uVdQqqTOLxn8Isz3MhDGYkFV1auAlxlV75eMhNi0YJ6DUnzFzyJ4YlugM+ - hX3HMWQh2OvUSxkweFBQ7J7hAOsgwyjPtZ1HwOdGJu2JAhwEEAEKAAYFAksgE8QA - CgkQIa6nCWeyIM5UzBAAyQNUkUjjxrSu4EYacRGI+1vPb+Q6HJDaQct6xrujMAzJ - 4Jt7CvtkFKGmgx/DlqiEE5c8rJjsZ0QUPWCWlOvamr3p9UpBHgUuuN0OXx9y8mge - kj3D/Ch6dv2VUezqKDDEMsdSoEfj886pjHhWpEoV2W5P+ihF1FmRcEbKbZb3gs3y - s66PxjqafNXjTVc4U1hGB9jc1SnomvmsE3ps6T3yJQVpLha9SPxs6Bxa5RWIR4Os - LKfAI39uh5ikv/tSokz2GQj0hE6JrYY+46oyJWP2SfTzxlGjUtGSyP8DtZghUPuh - AidSl0p0SHATjWnXjTEMMO1DuytF7mnxQxlocm4/gGdC+yLeg2QqQLwKq7i/L/pu - GRWlYyV3yNG5odxHEURr4FpFulUmjsEoo4FPZA8OeSfmXJBKna7c4OIm0WxljDme - 84VpLS6LdPhu+xnqU77LuOO4x+5Y2lToZfqZHabOdFNY1TDQmlN+CLyZg/AE3g+t - zOFE65tRPgUzQO6lFXws3/vv3OyyK/BxBZs9L3xw46A4tMlkbNpdlqQ0xLzD+a0f - M2zxzU81YSRw1lsQnT5sdQUWaqenvVgmh3DKmaBxFu2K84SiETa5OoLI7CdW3kcW - QVJhahKwN6zrjU+cTGARB24T2/jT66EtLegWka3+wF6gmixHLc2L783KPj2u45iJ - AhwEEgECAAYFAkSUEEkACgkQ2MIKCVokV8864A//Y8RQB8EOcV6bYBnz8c0rARfb - 5M+kdXdmYe5LLE7uI0M+UBCNemmFvhuxQROx1hudouNnQeKAAiAjd/I7QSH+1Hgk - IBbQjXKlK+3pxtD4+gDTdkTRxfOg+gDlFRTX9IKAPRw6c1LRoHZlAvCq1vc8A26/ - 
5F/FGxza3UGWdtrdLfP/KeD35jZbCKh2zPreWp7DBcYNDEUmap4w56PGqwsP/ajG - sDKJXa3yh1bznEA7rlJYOpbFWXAhwCdP560TubXi0lLYFTWCOXa+nh5HQuS9Vkrk - NipKTpG8RUReiu2aJgy5tRQf7D2FcDRoScn5FSQ7iZbM8RhlN/Ex/gWwMjAyapdm - Mj1DTfxHLpJnI0+TKPT0VTsbn8uz7Zjg3jQIE2DCJqUwLuxz7HfPc3O9uM0q4LyH - 2PV8NsBd8iGXenZUPTvKdnxhBEBeDSaYN/9CaqmCcJKb2TnhYRdScvdGV+izh1X8 - mLz54LWq/aOzZXIqUWV9rIvv7Wd6KZS+L43uxhgWVBwVOeje9dLoULkuIpTgJzDg - 1wkJDDidTJpYTAZcejtI2N8+pCDlKnPDhOLFdZ07JbxlZ5OB4br/hzaGjJ2ZgbSQ - z7q0Dl7xXRBPnLVAggN2ytfHrEA3+PdGcx2e2j9Tkm+Ykb9yPGPWtXSyNQ7SId01 - nnWq3tt3+Z3bLiLYYl6JAhwEEgECAAYFAksRhi8ACgkQmZMeJdkeASx1sQ/+OUE6 - xCuZURsx9kRcJI1v04nlGq52/fwWlgi2JrXKe5dLH9HAI/CIkudJ39Dteg2cXmvo - ++DXvecit7sqoLAbeTRnDlp5yGibcEMagBDEqxEFLfgTd17K7LFC58TD0QKIATXH - sAL4bb+DBY4IlUDIjcuXDFiU6ZLkoCnBelV+tICdoUHtg4jh1yJVYxm+AXdueHdH - PV8aEj/5ImDk+hzg++YwHMhejDjXLGUUqplTBP1gXuewjyHv5ua6x96PMCm+zux9 - WW9Qqv6yo6rvgkCLFYaAU/vYvvmQtUBUDFEk3SEq60gBJ1iqYuXKvg4RXfx8PesU - SMwOSMukQn9cuKwAy/hgbajyZGPignrBzub9Xl7WK6UUIt0XcLkbyDk+mPBb7Gb/ - u+NsVPSdunSv7wRfkizMZtV/SqU/eMmUK+jPrpj9rW2zJ7pze+PGGl+g149r2z7Z - 4ZKkJ2i6hb36ytF8fD4518oTYePyn1FDTzRPb0JQIZs8hkIfv4gRtm4wgGkIqaaY - NG2ZPAm4A5tTfwRO3qiqA99PPYRb3wiUeGqALzUR/wEkVvovpsFEjr+AGQskA2u3 - 3FhahyogNREyySaLKLj9WcVJ1p+zFSNdQMzylSWRSq6/Yjf283KWUJudA24BKJEn - LG4Glyt+5XNdgvu68/Tq1fyO+L0m1EyQ5ypvT+yZAQ0ETS2LgQEIAKoa0qVf2Mj9 - 6eGUF3LZzJA/pDsmjLG1obr9yQApYdiuoVNCTchR7xO4OsZPvjZcWdwb0+gwF8kN - Q2W0g+AoWfwT21hCoA6WlIDbls5vfRwDYAOSuOCO8MAfxxn5+QhrJa05tPHCot8+ - K+MXEQz/8h1KEUVVCP5AeZdgEmCBbIQiKXwGN7spHDoHm5yzipLOnlUfgKoOv08O - csPyUEYeTTHyOnCHhX/IQ4MkoBNjRWPTTv3cvy6oDflmLJzNS+8lIti9/tJM73jc - azCTF0B+rFdtiJ+IraCMT/tICYH7aMXGyidQM4HUEBjmzcUqquRrFmvcEGN64Yag - K6JJf9xdEiEAEQEAAbQWV2VybmVyIEtvY2ggKGRpc3Qgc2lnKYkBPgQTAQIAKAUC - TS2LgQIbAwUJEN2fAgYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQJJs50k8l - 47Y+UwgAnE+0Vd/nKjM+kWNFtKRJ2OyT16u7TmyEpk4ArDdFR49NTzRJEs92DgAf - 6+SbUkxYUWnC8eWB/GqcT2unXejsv/hTA1TCofznMLC7tIfP1xfd3hRTDNw/qpA/ - 
gFAQf3/GWlBL15Mr1vZEzKCCrB38nybGO+hbMvwqV//CXqNcef/I/3bEb39gDzqU - 04vU3f8+GVnMu4npt0P1bOwSn/6SHdQN+OQis5xaSrC6kH53TVHhsc+7229fLxe6 - 3xKiTbOS7bFWQQ6xXZNcdvC4c7YAYLmlYNfrCAITgXld4IH/Si9qjb9uTbbDVPHM - /o8zGjqwuSZoXoPR+uEzZuXgL+5KyoicBBABAgAGBQJNLY0EAAoJEFO2INAc4MYw - Rk8EAIuasyOnCbJW8jpfk3g2VZy1dBZj7g4PHaI70K1Qz8X3piI8WWaDCwlTPJcv - AAtiT6yGHzdONAt+N7GiHNLU7TsMJlTLsuxv1HsdtgnVh/9BwTKRuIBbjrkJlvUE - A4xHYdQ4MFNoAFqJ1+eGZTMm1rLPtjQopEcDH5VVLqR+ewWriFYEEBEIAAYFAk0t - xTcACgkQ8q2FrB5Cs2crBADfd33fB14XGfyl3Dtm4cfEUfLCcYXWNaMy+ZmmggDf - c8hyceGA2XcPThQ7N613oi+cHzO4XC8o1tooDrkBDQRNLYuBAQgAofC5yBtpGPRX - se3QWczpGZurBnsgVXaVH5g3WCRlpZFEJomg8RkUqGE8QFfVsNXCv+JM9o88S2mL - uhCgeTrnJ4uuG06Zdek1WRX/lZCMAkitaf4lDfP9l6PEdQuHMqwaDkULqlFhwTLN - Fce2/gE72QEgo1WKtmMSRAbgGcitCCXp7ZgVrjsY0ypxAfucl3AbVwZA5k4gNBAz - jWAHPChKtK0wDoOMeS6QV6Ap9xJtIsCsG1g0DBPCZbtGo4wQnCWjT41jHZifvnHr - ptjB2Ww/QUs6B7P878jGg9HFevSXh766Pp0Ueq8GLTh3Homw+ZcTJ4DIuIJZKHtH - Cry4iEFQFQARAQABiQElBBgBAgAPBQJNLYuBAhsgBQkQ3Z8CAAoJECSbOdJPJeO2 - uxIIAJE2B8aQPQ6o6LBijX/4rJaetAu6xW9Jg7DyE3rqB5TcE7yJDQqjL6bRApjW - RaNofB7CmDxl5tjgTawds0gL1KnKLLPb2wAnaKe9/j/gx6lOCnE2LDj5ebKQKQ3U - B9WG8xNBczNFs7lnBG0+mOwyvWPm9fWzpTf9HFIAi2kCQK7UYZNM4fSvXY5yFz+6 - b5AYDI7pZSP8iJnUxfu2hdbRIKjwNKXzPlDsqYlYXpNAsrUuS7hshUbUe7CjX/RY - dza8Jp3kHEeOCjLxOwotOa9hBla2eNa9AZXZQ4AFhZxpy61ldBDY88IhjsuWm5L/ - jkJdZtPlj6bFjfLt1vPhoX7y7IKInAQQAQIABgUCTS2NBAAKCRBTtiDQHODGMEZP - BACLmrMjpwmyVvI6X5N4NlWctXQWY+4ODx2iO9CtUM/F96YiPFlmgwsJUzyXLwAL - Yk+shh83TjQLfjexohzS1O07DCZUy7Lsb9R7HbYJ1Yf/QcEykbiAW465CZb1BAOM - R2HUODBTaABaidfnhmUzJtayz7Y0KKRHAx+VVS6kfnsFqw== - =CxwV - -----END PGP PUBLIC KEY BLOCK----- +mQENBE0ti4EBCACqGtKlX9jI/enhlBdy2cyQP6Q7JoyxtaG6/ckAKWHYrqFTQk3I +Ue8TuDrGT742XFncG9PoMBfJDUNltIPgKFn8E9tYQqAOlpSA25bOb30cA2ADkrjg +jvDAH8cZ+fkIayWtObTxwqLfPivjFxEM//IdShFFVQj+QHmXYBJggWyEIil8Bje7 +KRw6B5ucs4qSzp5VH4CqDr9PDnLD8lBGHk0x8jpwh4V/yEODJKATY0Vj00793L8u +qA35ZiyczUvvJSLYvf7STO943GswkxdAfqxXbYifiK2gjE/7SAmB+2jFxsonUDOB 
+1BAY5s3FKqrkaxZr3BBjeuGGoCuiSX/cXRIhABEBAAG0Fldlcm5lciBLb2NoIChk +aXN0IHNpZymJAT4EEwECACgFAk0ti4ECGwMFCRDdnwIGCwkIBwMCBhUIAgkKCwQW +AgMBAh4BAheAAAoJECSbOdJPJeO2PlMIAJxPtFXf5yozPpFjRbSkSdjsk9eru05s +hKZOAKw3RUePTU80SRLPdg4AH+vkm1JMWFFpwvHlgfxqnE9rp13o7L/4UwNUwqH8 +5zCwu7SHz9cX3d4UUwzcP6qQP4BQEH9/xlpQS9eTK9b2RMyggqwd/J8mxjvoWzL8 +Klf/wl6jXHn/yP92xG9/YA86lNOL1N3/PhlZzLuJ6bdD9WzsEp/+kh3UDfjkIrOc +WkqwupB+d01R4bHPu9tvXy8Xut8Sok2zku2xVkEOsV2TXHbwuHO2AGC5pWDX6wgC +E4F5XeCB/0ovao2/bk22w1TxzP6PMxo6sLkmaF6D0frhM2bl4C/uSsqInAQQAQIA +BgUCTS2NBAAKCRBTtiDQHODGMEZPBACLmrMjpwmyVvI6X5N4NlWctXQWY+4ODx2i +O9CtUM/F96YiPFlmgwsJUzyXLwALYk+shh83TjQLfjexohzS1O07DCZUy7Lsb9R7 +HbYJ1Yf/QcEykbiAW465CZb1BAOMR2HUODBTaABaidfnhmUzJtayz7Y0KKRHAx+V +VS6kfnsFq5kBDQRUUF8HAQgAh1mo8r+kVWVTNsNlyurm2tdZKiQbdeVgpBgcDnqI +3fAV58C3nC8DVuK5qVGZPB/jbu42jc8BXGP1l6UP+515LQL5GpTtV0pRWUO02WOu +TLZBVQcq53vzbg1xVo31rWV96mqGAPs8lGUCm09fpuiVKQojO6/Ihkg7/bnzeSbc +X5Xk9eKLhyB7tnakuYJeRYm4bjs+YDApK8IFQyevYF8pjTcbLTSNJPW9WLCsozsy +11r4xdfRcTWjARVz5VzTnQ+Px8YtsnjQ3qwNJBpsqMLCdDN7YGhh/mlwPjgdq/UF +f5+bY6f3ew0vshBqInBQycBSmYyoX0Ye3sAS/OR4nu5ZaQARAQABtD5EYXZpZCBT +aGF3IChHbnVQRyBSZWxlYXNlIFNpZ25pbmcgS2V5KSA8ZHNoYXdAamFiYmVyd29j +a3kuY29tPokBPgQTAQIAKAUCVFBfBwIbAwUJCbp27gYLCQgHAwIGFQgCCQoLBBYC +AwECHgECF4AACgkQBDdvPuCFaVmIoQf+POxCWkCTicRVlq0kust/iwYO1egK9FWG +130e2Irnv2lAZZN/0S5ibjHCYFp9gfMgmtVTF5oWXjSDAy/kIykQBBcUVx4SCJbd +MtKSdsSIQMz6P4DxXumxQm79msOsbi5TsdtUwjqdrbu2sHloE7ck/hTXUCkX3zuq +txY7W23BCQxVVT5qUaFuAHkkQaaBgAb8gdgixmkIBfu9u8k3k9zUKm/PNfMjxClv +ORkP8gev+XyzNgcXM49h5YYlmDT+Ahv99nUM1wg8yJTjefBAY0fL982Scx30nDQO +3w7ihALUoj5+TXQjhs3sWPJ8u3pstr9XcfzEZC77/CZmRYNr8g5hBokBHAQQAQgA +BgUCVFOBbwAKCRAkmznSTyXjtmHeB/0X00v959Oyc0EsSLOlfC52qsEn5cU7vxFb ++KY9aKtG4+hApJxemkqpCgA5+xZwXp3SQOf0sYFwz5OsukIjRF0HgSEdjoMTH6b7 +lT0nCwKo8AMU0nJbopVIJikHOzk2gUqh1gxu5iml1RbSkmFhiGjYeqM+ONQynCeX +Gg3LLZCQ1eeoaX69bvbWQFDtTIn2HYvjZLjuGC6PGH/naZ7GchiiiK0bs4UOdJFX +HtITC/7DcgEiHMHOMT3XlwINTexZG0grl2LuWuyyhurJh5IO6geArPKUmR8SjJjV 
+azpwbutZhYjTzfUpPvKK8kCSan9Df5eeekDrKCU8x8aqLDVyoQcRmQENBFRQOyMB +CADmEHA30Xc6op/72ZcJdQMriVvnAyN22L3rEbTiACfvBajs6fpzme2uJlC5F1Hk +Ydx3DvdcLoIV6Ed6j95JViJaoE0EB8T1TNuQRL5xj7jAPOpVpyqErF3vReYdCDIr +umlEb8zCQvVTICsIYYAo3oxX/Z/M7ogZDDeOe1G57f/Y8YacZqKw0AqW+20dZn3W +7Lgpjl8EzX25AKBl3Hi/z+s/T7JCqxZPAlQq/KbHkYh81oIm+AX6/5o+vCynEEx/ +2OkdeoNeeHgujwL8axAwPoYKVV9COy+/NQcofZ6gvig1+S75RrkG4AdiL64C7OpX +1N2kX08KlAzI9+65lyUw8t0zABEBAAG0Mk5JSUJFIFl1dGFrYSAoR251UEcgUmVs +ZWFzZSBLZXkpIDxnbmlpYmVAZnNpai5vcmc+iQE8BBMBCAAmBQJUUDsjAhsDBQkD +wmcABQsHCAkDBBUICQoFFgIDAQACHgECF4AACgkQIHGwijO9PwZ1/wgA0LKal1wF +Za8FPUonc2GzwE9YhkZiJB8KA/a7T6//cW4N46/GswiqZJxN1RdKs1B+rp7EMMU3 +bhoXstLBcIYveljqh4lPBWCsTT2+/OpwAmgnzjgdTHcpnCMTEOdZktD5SKrTj2tV +aWXAlWK/UsEEanA3cvzofy44n7rm+Eoa7P1YGCHL++Ihsi66ElbehilTT/xxckHX +Uji1XDvoagEENEHk5j4Z2mhWtjnGclvuiBkS4XezezNMW/fPAypZX4bkURNbGd8j +tkb3Eqt+bv+ZQoSA+Ukv8APaAzj8lRSw+CYjDxpoM0jtmiPrk+u/Do46COVA/IX2 +2aYNT2Y2KoWJV4kBHAQQAQgABgUCVFOCHQAKCRAkmznSTyXjtoIhB/0ZE/ppI2Gc +qDxSwPKkRkkoMD8oXdKkPxjUF2jgP+bceHKiz1F78cx/eZltB4av8OujO1IwqH2C +0aVr46W3eSyIcpmmw6F9sjLcTfyZJfWJrvobb7WQSKvWw0eHFgNGR6Z+BA3ohjws +aCZtzzkH2gXI+EM7qaZozMw+eSkZ4qTE9B4/hkMZZpBO0oGy9PQzSlADGftyyuTt +oSUvepfs+EvYSddQ7skXWq0zePuOhng2Mppl690A+aTywyetbPvVeqjiAbI7NB5f +8Tw7dk0Febe9NHvbwzgiStMPmIKrTcthvgIClBkZvmkBFWAPxYPdHfLzAlpDGxJt +R31c0zNFBH68mQENBFRDqVIBCAC0k8eZKDmNqdmawOlJ/m62L2g8uXT/+/vAEGb1 +yaib09xI6tfGXzbqlDwrLIZcJsSIT/nt/ajJnIVbc3137va4XbwMzsDpAMH4mmiT +oqk+izEChGm2knzrLwhoflR8aGsKL35QoZT/erdjfgPeCRLvf25fHsN2Jb0WIMzC +56VkMeFoza+9HZ5hrkemmm+gPvIvhEUopxCyOS8mK5WjB4zzIdyDJfkqVpHvafNP +0N4LIsedKdyHcj/K3kY4Kejl99GW1z1snBgPamoN2/e52Pf6KTw2FjsSGZ72oalc +rkBR4wacUizGxKcRD2Y6Xa0g9mwToWdNBQCIII+uTzOzq1EDABEBAAG0IVdlcm5l +ciBLb2NoIChSZWxlYXNlIFNpZ25pbmcgS2V5KYkBPQQTAQgAJwUCVEOpUgIbAwUJ +C6oF9QULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRCKhhscfv1g2aH7B/wIW6mV +mTmzW2xc1q1MUdssExQBhEeONrbWJ/HiGZP/MaabgQ/+wZuThTAwfGM5zFQBOvrB +OGURhINU6lYQlcOrVo+V8Z1mNQKFWaKxJaY5Ku1bB1OuX9FHLEiMibogHu5fjJIX 
+BE8XrnvueejyFQ5g/uX2xcGgCWlMe49sR3K+lEl3n93xTmSNhP52r0gTjMjbqKWK +UaIGJ5OcWSrvawdfqLXkxR8phq2AlHHEfxpcZsOp9mZirWYQ5jcgGgFP0LYXUw/R +nxFpOcrj45qufmyEL9QJKjBV5RaHJbqukefwUInPQtVUmINqQxztSh5QxQP2tsUP +IeEi5RAoCwLJam8ziQEcBBABCAAGBQJUU4JUAAoJECSbOdJPJeO2c+cH+wevKc8w +bkWSoGOJiYDglVMJa4x5utgHyXP4PyqelIQ7yibfQq3YyOU9RWRGxfvuofPXpx1E +u/XtCGgw03r4HZhauauYe27IDpA5P/Go7+WqufT6gMBoZf/1cD2ykQZpFyszEKHf +Y+BlzqPJcRaXy4+uQG3O+bh/R2eIGAJDao/AclJI+kfckeY5DzRTibPex+rGAkxZ +8qHtlCb0WeUbL3mgl9f3LlbPH77w1on6XqqIaQ+ODSS/3CUOIhNI3lrGO7mIqhSC +0n+rpqLHeVLpLkz0IFvsJOp9UOHDCA8oL0cQtJGP1pN7muKR9nCVtoNuN41JapoO +4ZaHe5Y0r5MIofSYjgRDt/rHAQQA0JkZeitcyQMqk2xGd/5mGoc4+YNwQo8OSmVw +IvY8UAI3tBorhF6ha9niaqZU4vdldTnXMU0j1oPckAhOgRPaOvaEZhYUTF0F/15p +iAF5dkZQ6dsmXVUkPNYMZTpkc2nA+IACBiOmygGBkLFuXvHRW1i6SNz28iRH/UZc +YLi/2iEAIIFWUJm0Jldlcm5lciBLb2NoIChkaXN0IHNpZykgPGRkOWpuQGdudS5v +cmc+iLwEEwECACYCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCTS2MtwUJClRO +YQAKCRBTtiDQHODGMPB4A/0U1DJR9LbkWuBs8Ko6KJoKLMVI6iYNJBhAtm3dxWeU +xA16eYDWW/b9Lk5KnjtSWuGOeqa7MCsXnkyHkO88KE9IcM3mFnhfFN2qagd/nRch +l9MPsdOgf/ug7j72Alv2V8s28R10HTjfwySe/omXWwK3qn8ou6N7ID+EwCV7i2e2 +u5kBogQ1oh4eEQQA/pdK4Oafa1uDN7Cr5nss4bNpg8YUSg01VVJ08KTCEdpCAPaU ++NzaP3KD2ow74WU2gzP70s9uSGQ2Vie4BLvOkaaBHba/3ivBrg3ILFrxbOfmKQg8 +Fhtncd/TBOwzfkkbxBNcVJuBPRtjZ3dlDbS4IPNsIIv2SuCIfQmA8qNGvWsAoIrJ +90b2fzERCZkKtfkoyYA8fnNrBADhJ8RmIrKiCnDk3Tzk04nu6O8fp3ptrmnO7jlu +vDfsEVsYRjyMbDnbnjCGu1PeFoP2HZ+H9lp4CaQbyjWh2JlvI9UOc72V16SFkV0r +8k0euNQXHhhzXWIkfz4gwSbBkN2nO5+6cIVeKnsdyFYkQyVs+Q86/PMfjo7utyrc +WLq1CAQAou3da1JR6+KJO4gUZVh2F1NoaVCEPAvlDhNV10/hwe5mS0kTjUJ1jMl5 +6mwAFvhFFF9saW+eAnrwIOHjopbdHrPBmTJlOnNMHVLJzFlqjihwRRZQyL8iNu2m +farn9Mr28ut5BQmp0CnNEJ6hl0Cs7l2xagWFtlEK2II144vK3fG0J1dlcm5lciBL +b2NoIChnbnVwZyBzaWcpIDxkZDlqbkBnbnUub3JnPohhBBMRAgAhAheABQkOFIf9 +BQJBvGheBgsJCAcDAgMVAgMDFgIBAh4BAAoJEGi3q4lXVI3NBJMAn01313ag0tgj +rGUZtDlKYbmNIeMeAJ0UpVsjxpylBcSjsPE8MAki7Hb2Rw== +=W3eM +-----END PGP PUBLIC KEY BLOCK----- #+END_EXAMPLE 
----------------------------------------------------------------------- Summary of changes: web/download/index.org | 295 ++++++-------------- web/download/integrity_check.org | 30 ++- web/index.org | 4 - web/share/site.css | 2 +- web/signature_key.org | 547 ++++++++++---------------------------- 5 files changed, 236 insertions(+), 642 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 4 21:37:11 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 04 Nov 2014 21:37:11 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta895-26-ge568b48 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e568b488e75aeb59b0930bb810186c65e343894c (commit) via 47fedda47a4b4da6498d0073de55726242bb46dd (commit) via b3ebecfc7c6f39fb3d84fa9b16d5a6a65f6f7322 (commit) via 5e8c5727ab1f84fb60b7579265623bcba5546452 (commit) via cf41763cdf029461f160925e1e3b3593ac292a39 (commit) via 587a0956b9d3292452a700d96e8d89a0b4bbae0f (commit) from 43595e8d4fa420c47b32ca69156f92b49a4a701d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e568b488e75aeb59b0930bb810186c65e343894c Author: Werner Koch Date: Tue Nov 4 21:29:58 2014 +0100 Typo fixes. -- diff --git a/doc/DETAILS b/doc/DETAILS index eafd312..a1e96f4 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -381,8 +381,8 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: gpgsm and might eventually also be available for OpenPGP. Note, that TIME may either be the number of seconds since Epoch or - the letter 'T'. an ISO 8601 string. The latter can be detected by the presence of + the letter 'T'. *** VALIDSIG 
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index 34b6024..2ddedcd 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -1000,7 +1000,7 @@ only create a CSR. The command @option{--gen-key} may be used along with the option @option{--batch} to either create a certificate signing request (CSR) -or an X.509 certificate. The is controlled by a parameter file; the +or an X.509 certificate. This is controlled by a parameter file; the format of this file is as follows: @itemize @bullet commit 47fedda47a4b4da6498d0073de55726242bb46dd Author: Werner Koch Date: Tue Nov 4 21:29:45 2014 +0100 doc: Added What's new in 2.1 article. -- diff --git a/doc/Makefile.am b/doc/Makefile.am index 2f048d7..a308444 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -34,7 +34,7 @@ EXTRA_DIST = samplekeys.asc mksamplekeys \ gnupg-card-architecture.pdf \ FAQ gnupg7.texi \ opt-homedir.texi see-also-note.texi specify-user-id.texi \ - gpgv.texi yat2m.c ChangeLog-2011 + gpgv.texi yat2m.c ChangeLog-2011 whats-new-in-2.1.txt BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png \ gnupg-card-architecture.pdf diff --git a/doc/whats-new-in-2.1.txt b/doc/whats-new-in-2.1.txt new file mode 100644 index 0000000..10d3f60 --- /dev/null +++ b/doc/whats-new-in-2.1.txt 
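Review bot: The `whats-new-in-2.1.txt` entry appended to `EXTRA_DIST` in doc/Makefile.am ships what appears to be an exported copy, and nothing in the hunk records where it comes from or how to refresh it. The file's own footer names `web/faq/whats-new-in-2.1.org` in the gnupg-doc repository as the canonical source. A comment above the assignment would record that, e.g. `# whats-new-in-2.1.txt is exported from gnupg-doc (web/faq/whats-new-in-2.1.org); re-export before a release.` The copy added in this commit already shows why it matters: its prose names `--gen-full-key` while the transcripts and gpg's own hint use `--full-gen-key`, and export residue such as `=--check-sigs` is left in. The `EXTRA_DIST` assignment starts above the hunk, so whether a regeneration rule exists elsewhere in the file cannot be seen from here.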
@@ -0,0 +1,712 @@ + ??????????????????????????? + GNUPG - WHAT?S NEW IN 2.1 + + + Werner Koch + ??????????????????????????? + + + 2014-11-04 + + +Table of Contents +????????????????? + +1 What?s new in GnuPG 2.1 +.. 1.1 Removal of the secret keyring +.. 1.2 Removal of PGP-2 support +.. 1.3 Leaner key generation interface +.. 1.4 Support for ECC +.. 1.5 Quick generate and sign commands +.. 1.6 Improved Pinentry support +.. 1.7 Auto-start of the gpg-agent +.. 1.8 Duplicate long key id fixes +.. 1.9 Enhanced Dirmngr +.. 1.10 Better keyserver pool support +.. 1.11 Faster keyring format +.. 1.12 Auto-generated revocation certificates +.. 1.13 Improved card support +.. 1.14 New format for key listings +.. 1.15 Support for Putty +.. 1.16 Improved X.509 certificate creation +.. 1.17 Scripts to create a Windows installer + + +A possibly revised version of this article can be found at: +https://gnupg.org/faq/whats-new-in-2.1.html + + +1 What?s new in GnuPG 2.1 +????????????????????????? + + GnuPG version 2.1 comes with a bag of new features which changes some + things old-timers are used to. This page explains the more important + ones. It expects that the reader is familiar with GnuPG version 2.0 + and aware that GnuPG consists of /gpg/, /gpgsm/, and /gpg-agent/ as + its main components. + + ? The file /secring.gpg/ is not anymore used to store the secret keys. + Merging of secret keys is now supported. + + ? All support for /PGP-2 keys/ has been removed for security reasons. + + ? The standard key generation interface is now much leaner. This will + help a new user to quickly generate a suitable key. + + ? Support for /Elliptic Curve Cryptography/ (ECC) is now available. + + ? Commands to create and sign keys from the command line without any + extra prompts are now available. + + ? The Pinentry may now show the new passphrase entry and the + passphrase confirmation entry in one dialog. + + ? There is no more need to manually start the gpg-agent. 
It is now + started by any part of GnuPG as needed. + + ? Problems with importing keys with the same long key id have been + addressed. + + ? The /dirmngr/ is now part of GnuPG proper and also takes care of + accessing keyserver. + + ? Keyserver pools are now handled in a smarter way. + + ? A new format for locally storing the public keys is now used. This + considerable speeds up operations on large keyrings. + + ? /Revocation certificates/ are now created by default. + + ? Card support has been updated, new readers and token types are + supported. + + ? The format of the key listing has been changed to better identify + the properties of a key. + + ? The gpg-agent may now be used on Windows as /pageant/ replacement + for /putty/ in the same way it is used for years on Unix as + /ssh-agent/ replacement. + + ? Creation of X.509 certificates has been improved. It is now also + possible to export them directly in PKCS#8 and PEM format for use on + TLS servers. + + ? The scripts to create a Windows installer are now part of GnuPG. + + Now for the detailed description of these new features: + + +1.1 Removal of the secret keyring +????????????????????????????????? + + gpg used to keep the public key pairs in two files: `pubring.gpg' and + `secring.gpg'. The only difference is that secring stored in addition + to the public part also the private part of the key pair. The secret + keyring thus contained only the keys for which a private key is + availaable, that is the user?s key. It required a lot of code to keep + both versions of the key in sync and led to sometimes surprising + inconsistencies. + + The design of GnuPG-2 demands that only the gpg-agent has control over + the private parts of the keys and the actual encryption engine (gpg or + gpgsm) does not know about the private key but care only about session + keys and keys for symmetric encryption. This has been implemented + about 10 years ago for /gpgsm/ (the S/MIME part of GnuPG). 
However, + /gpg/ (the OpenPGP part) used the gpg-agent only as passphrase entry + and cache device but handles the private key itself. + + With GnuPG 2.1 this changed and /gpg/ now also delegates all private + key operations to the gpg-agent. Thus there is no more code in the + /gpg/ binary for handling private keys. En passant this allows the + long time requested ?merging of secret keys? and several other + advanced key management techniques. + + To ease the migration to the no-secring method, /gpg/ detects the + presence of a `secring.gpg' and converts the keys on-the-fly to the + the key store of /gpg-agent/ (this is the `private-keys-v1.d' + directory below the GnuPG home directory (`~/.gnupg')). This is done + only once and an existing `secring.gpg' is then not anymore touched by + /gpg/. This allows co-existence of older GnuPG versions with GnuPG + 2.1. However, any change to the private keys using the new /gpg/ will + not show up when using pre-2.1 versions of GnuPG and vice versa. + + Note that the command `--export-secret-keys' still creates an OpenPGP + compliant file with the secret keys. This is achieved by asking + /gpg-agent/ to convert a key and return it in the OpenPGP protected + format. The export operation requires that the passphrase for the key + is entered so that /gpg-agent/ is able to change the protection from + its internal format to the OpenPGP required format. + + +1.2 Removal of PGP-2 support +???????????????????????????? + + Some algorithms and parts of the protocols as used by the 20 years old + [PGP-2] software are meanwhile considered unsafe. In particular the + baked in use of the [MD5] hash algorithm limits the security of PGP-2 + keys to non-acceptable rate. Technically those PGP-2 keys are called + version 3 keys (v3) and are easily identified by a shorter fingerprint + which is commonly presented as 16 separate double hex digits. + + With GnuPG 2.1 all support for those keys has gone. 
If they are in an + existing keyring they will eventually be removed. If GnuPG encounters + such a key on import it will not be imported due to the not anymore + implemented v3 key format. Removing the v3 key support also reduces + complexity of the code and is thus better than to keep on handling + them with a specific error message. + + There is one use case where PGP-2 keys may still be required: For + existing encrypted data. We suggest to keep a version of GnuPG 1.4 + around which still has support for these keys (it might be required to + use the `--allow-weak-digest-algos' option). A better solution is to + re-encrypt the data using a modern key. + + + [PGP-2] https://en.wikipedia.org/wiki/Pretty_Good_Privacy + + [MD5] https://en.wikipedia.org/wiki/MD5 + + +1.3 Leaner key generation interface +??????????????????????????????????? + + This is best shown with an example: + + ????? + ? $ gpg2 --gen-key + ? gpg (GnuPG) 2.1.0; Copyright (C) 2014 Free Software Foundation, Inc. + ? This is free software: you are free to change and redistribute it. + ? There is NO WARRANTY, to the extent permitted by law. + ? + ? gpg: keybox '/home/foo/.gnupg/pubring.kbx' created + ? Note: Use "gpg --full-gen-key" for a full featured key generation dialog. + ? + ? GnuPG needs to construct a user ID to identify your key. + ? + ? Real name: Glenn Greenwald + ? Email address: glenn at example.org + ? You selected this USER-ID: + ? "Glenn Greenwald " + ? + ? Change (N)ame, (E)mail, or (O)kay/(Q)uit? o + ? [...] + ? pub rsa2048/68FD0088 2014-11-03 + ? Key fingerprint = 0290 5ABF 17C7 81FB C390 9B00 636A 1BBD 68FD 0088 + ? uid [ultimate] Glenn Greenwald + ? sub rsa2048/84439DCD 2014-11-03 + ????? + + Thus only the name and the mail address are required. For all other + parameters the default values are used. Many graphical frontends + works in the same way. Note that GPG prints a hint for the old time + GPG users on how to get the full option menu. 
+ + +1.4 Support for ECC +??????????????????? + + GnuPG now support Elliptic Curve keys for public key encryption. This + is defined in [RFC-6637]. Because there is no other mainstream + OpenPGP implementation yet available which supports ECC, the use of + such keys is still very limited. Thus GnuPG 2.1 currently hides the + options to create an ECC key. + + For those who want to experiment with ECC or already want to prepare a + key for future use, the command `--gen-full-key' along with the option + `--expert' is the enabler: + + ????? + ? $ gpg2 --expert --full-gen-key + ? gpg (GnuPG) 2.1.0; Copyright (C) 2014 Free Software Foundation, Inc. + ? This is free software: you are free to change and redistribute it. + ? There is NO WARRANTY, to the extent permitted by law. + ? + ? Please select what kind of key you want: + ? (1) RSA and RSA (default) + ? (2) DSA and Elgamal + ? (3) DSA (sign only) + ? (4) RSA (sign only) + ? (7) DSA (set your own capabilities) + ? (8) RSA (set your own capabilities) + ? (9) ECC and ECC + ? (10) ECC (sign only) + ? (11) ECC (set your own capabilities) + ? Your selection? 9 + ? Please select which elliptic curve you want: + ? (2) NIST P-256 + ? (3) NIST P-384 + ? (4) NIST P-521 + ? (5) Brainpool P-256 + ? (6) Brainpool P-384 + ? (7) Brainpool P-512 + ? Your selection? 2 + ? Please specify how long the key should be valid. + ? 0 = key does not expire + ? = key expires in n days + ? w = key expires in n weeks + ? m = key expires in n months + ? y = key expires in n years + ? Key is valid for? (0) + ? Key does not expire at all + ? Is this correct? (y/N) y + ? + ? GnuPG needs to construct a user ID to identify your key. + ? + ? Real name: Edward Snowden + ? Email address: edward at example.org + ? Comment: + ? You selected this USER-ID: + ? "Edward Snowden " + ? + ? Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o + ? [...] + ? pub nistp256/382660E3 2014-11-03 + ? Key fingerprint = E630 27CF 3D68 22A7 6FF2 093E D179 9E72 3826 60E3 + ? 
uid [ultimate] Edward Snowden + ? sub nistp256/48C9A997 2014-11-03 nistp256 + ????? + + In this example we created a primary ECC key for signing and an subkey + for encryption. For both we use the NIST P-256 curve. The key may + now be used in the same way as any other key. It is possible to add + an RSA subkey or one can create an RSA or DSA main key and add an ECC + subkey for signing or encryption. Note that the list of offered + curves depends on the installed Libgcrypt version. + + For many people the NIST and also the Brainpool curves have an + doubtful origin and thus the plan for GnuPG is to use Bernstein?s + [Curve 25519] as default. GnuPG 2.1.0 already comes with support for + signing keys using the [Ed25519] variant of this curve. This has not + yet been standardized by the IETF (i.e. there is no RFC) but we won?t + wait any longer and go ahead using the proposed format for this + signing algorithm. The format for an encryption key has not yet been + finalized and will be added to GnuPG in one of the next point + releases. Recall that an encryption subkey can be added to a key at + any time. If you want to create a signing key you may do it this way: + + ????? + ? $ gpg2 --expert --full-gen-key + ? gpg (GnuPG) 2.1.0; Copyright (C) 2014 Free Software Foundation, Inc. + ? This is free software: you are free to change and redistribute it. + ? There is NO WARRANTY, to the extent permitted by law. + ? + ? Please select what kind of key you want: + ? (1) RSA and RSA (default) + ? (2) DSA and Elgamal + ? (3) DSA (sign only) + ? (4) RSA (sign only) + ? (7) DSA (set your own capabilities) + ? (8) RSA (set your own capabilities) + ? (9) ECC and ECC + ? (10) ECC (sign only) + ? (11) ECC (set your own capabilities) + ? Your selection? 10 + ? Please select which elliptic curve you want: + ? (1) Curve 25519 + ? (2) NIST P-256 + ? (3) NIST P-384 + ? (4) NIST P-521 + ? (5) Brainpool P-256 + ? (6) Brainpool P-384 + ? (7) Brainpool P-512 + ? Your selection? 1 + ? 
gpg: WARNING: Curve25519 is not yet part of the OpenPGP standard. + ? Use this curve anyway? (y/N) y + ? Please specify how long the key should be valid. + ? 0 = key does not expire + ? = key expires in n days + ? w = key expires in n weeks + ? m = key expires in n months + ? y = key expires in n years + ? Key is valid for? (0) + ? Key does not expire at all + ? Is this correct? (y/N) y + ? + ? GnuPG needs to construct a user ID to identify your key. + ? + ? Real name: Laura Poitras + ? Email address: laura at example.org + ? Comment: + ? You selected this USER-ID: + ? "Laura Poitras " + ? + ? Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o + ? [...] + ? pub ed25519/5C1AFC2A 2014-11-03 + ? Key fingerprint = ED85 4D98 5D8F 502F C6C5 FFB2 AA81 319E 5C1A FC2A + ? uid [ultimate] Laura Poitras + ????? + + Support for ECC keys is available only on some keyservers but it is + expected that this will be fixed over the next few months. + + + [RFC-6637] https://rfc-editor.org/info/rfc6637 + + [Curve 25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf + + [Ed25519] http://dx.doi.org/10.1007/s13389-012-0027-1 + + +1.5 Quick generate and sign commands +???????????????????????????????????? + + Sometimes it is useful to use only command line options without any + parameter file or interactive prompts for generating a key or to sign + a key. This can now be accomplished with a few new commands: + + ????? + ? $ gpg2 --batch --quick-gen-key 'Daniel Ellsberg ' + ? gpg: key 911B90A9 marked as ultimately trusted + ????? + + If a key with that user id already exists, gpg bails out with an error + message. You can force creation using the option `--yes'. If you + want some more control, you may not use `--batch' and gpg will ask for + confirmation and show the resulting key: + + ????? + ? $ gpg2 --quick-gen-key 'Daniel Ellsberg ' + ? About to create a key for: + ? "Daniel Ellsberg " + ? + ? Continue? (Y/n) y + ? gpg: A key for "Daniel Ellsberg " already exists + ? Create anyway? 
(y/N) y + ? gpg: creating anyway + ? [...] + ? pub rsa2048/BD19AC1C 2014-11-04 + ? Key fingerprint = 15CB 723E 2000 A1A8 2505 F3B7 CC00 B501 BD19 AC1C + ? uid [ultimate] Daniel Ellsberg + ? sub rsa2048/72A4D018 2014-11-04 + ????? + + Another common operation is to sign a key. gpg can do this directly + from the command line by giving the fingerprint of the to-be-signed + key: + + ????? + ? $ gpg2 --quick-sign-key '15CB 723E 2000 A1A8 2505 F3B7 CC00 B501 BD19 AC1C' + ? + ? pub rsa2048/BD19AC1C + ? created: 2014-11-04 expires: never usage: SC + ? trust: ultimate validity: ultimate + ? Primary key fingerprint: 15CB 723E 2000 A1A8 2505 F3B7 CC00 B501 BD19 AC1C + ? + ? Daniel Ellsberg + ????? + + In case the key has already been signed, the command prints a note and + exits with success. In case you want to check that it really worked, + use `=--check-sigs' as usual: + + ????? + ? $ gpg2 --check-sigs '15CB 723E 2000 A1A8 2505 F3B7 CC00 B501 BD19 AC1C' + ? gpg: checking the trustdb + ? gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model + ? gpg: depth: 0 valid: 6 signed: 1 trust: 0-, 0q, 0n, 0m, 0f, 6u + ? pub rsa2048/BD19AC1C 2014-11-04 + ? uid [ full ] Daniel Ellsberg + ? sig!3 BD19AC1C 2014-11-04 Daniel Ellsberg + ? sig! 68FD0088 2014-11-04 Glenn Greenwald + ? sub rsa2048/72A4D018 2014-11-04 + ? sig! BD19AC1C 2014-11-04 Daniel Ellsberg + ????? + + + The fingerprint may also be given without the spaces in which case + there is no need for the quotes. If you want to sign only certain + user ids of a key, list those user id verbatim after the fingerprint. + To create a non-exportable key signature, use the command + `--quick-lsign-key' instead. + + +1.6 Improved Pinentry support +????????????????????????????? + + When using a recent Pinentry module (0.90, GTK+ variant), the + gpg-agent will not anymore show two separate Pinentry dialogs to enter + a new passphrase and later to confirm the new passphrase. 
Instead the + first dialog also has the confirm/repeat entry and internally checks + whether they match. + + With any Pinentry version the several separate dialogs to inform and + ask for confirmation about questionable properties of a new passphrase + (e.g. length, only alpha letters) have been combined into one dialog + to show all non-asserted constraints at once. + + The GTK+ Pinentry does now allow pasting of values into the entries. + Copying them from the entries is still inhibited on purpose. + Depending on the system, the option `no-grab' may be required for in + the `gpg-agent.conf' file to actually make use of the paste feature. + + +1.7 Auto-start of the gpg-agent +??????????????????????????????? + + The /gpg-agent/ is the central part of the GnuPG system. It takes + care of all private (secret) keys and if required diverts operations + to a smartcard or other token. It also provides support for the + Secure Shell by implementing the ssh-agent protocol. + + The classic way to run /gpg-agent/ on Unix systems is by launching it + at login time and use an environment variable (`GPG_AGENT_INFO') to + tell the other GnuPG modules how to connect to the agent. However, + correctly managing the start up and this environment variable is + cumbersome so that that an easier method is required. Since GnuPG + 2.0.16 the `--use-standard-socket' option already allowed to start the + agent on the fly; however the environment variable was still required. + + With GnuPG 2.1 the need of `GPG_AGENT_INFO' has been completely + removed and the variable is ignored. Instead a fixed Unix domain + socket named `S.gpg-agent' in the GnuPG home directory (by default + `~/.gnupg') is used. The agent is also started on demand by all tools + requiring services from the agent. + + If the option `--enable-ssh-support' is used the auto-start mechanism + does not work because /ssh/ does not know about this mechanism. 
+ Instead it is required that the environment variable `SSH_AUTH_SOCK' + is set to the `S.gpg-agent.ssh' socket in the GnuPG home directory. + Further /gpg-agent/ must be started: Either by using a GnuPG command + which implicitly starts /gpg-agent/ or by using `gpgconf --launch + gpg-agent' to explicitly start it if not yet done. + + +1.8 Duplicate long key id fixes +??????????????????????????????? + + A deficit of the OpenPGP protocol is that signatures carry only a + limited indication on which public has been used to create a + signature. Thus a verification engine may only use this ?long key id? + to lookup the the key in its own store or from a public keyserver. + Unfortunately it has now become possible to create a key with a long + key id matching the key id of another key. Importing a key with a + long key id already used by another key in gpg?s local key store was + not possible due to checks done on import. Now, if the ?wrong? key + has been imported first /gpg/ would not allow to later import the + second ?correct? key. This problem has been fixed in 2.1 by allowing + the import and by doing trial verification against all matching keys. + + +1.9 Enhanced Dirmngr +???????????????????? + + Before version 2.1, /gpg/ used so-called keyserver helpers to access + the OpenPGP keyservers. A problem with that is that they are short + living processes which are not able to keep a state. With 2.1, the + formerly separate package Dirmngr (which was separate due to copyright + assignment reasons) has been integrated into GnuPG. + + In the past /dirmngr/ was only used by /gpgsm/ for X.509 (S/MIME) CRL + and OCSP handling. Being a proper part of GnuPG /dirmngr/ does now + also care about accessing OpenPGP keyservers. This make its easier to + debug problems with the keyservers and to exchange additional + information about the keyserver between /gpg/ and /dirmngr/. It will + eventually also be possible to run background tasks to refresh keys. 
+ + Although the ability to start /dirmngr/ as a system service is still + available, this is not anymore recommended and instead /dirmngr/ is + now by default started on-demand, very similar to /gpg-agent/. + + +1.10 Better keyserver pool support +?????????????????????????????????? + + For load balancing reasons, keyservers are organized in pools to + enable instant round-robin DNS assignment of random keyservers. A + problem with that approach is that the DNS resolver is not aware of + the state of the keyserver. If a keyserver has gone down or a routing + problems occurs, /gpg/ and its keyserver helpers were not ware of it + and would try over and over to use the same, dead, keyserver up until + the DNS information expires and a the DNS resolver assigned a new + server from the pool. + + The new /dirmngr/ in GnuPG does not use the implicit round-robin of + the DNS resolver but uses its own DNS lookup and keeps an internal + table of all hosts from the pool along with the encountered aliveness + state. Thus after a failure (timeout) of a request, /dirmngr/ flags a + host as dead and randomly selects another one from the pool. After a + few hours the flag is removed so that the host will be tried again. + It is also possible to mark a specif host from a pool explicitly as + dead so that it won?t be used in future. To interact with the + /dirmngr/ the `gpg-connect-agent' tool is used: + + ????? + ? $ gpg-connect-agent --dirmngr 'help keyserver' /bye + ? $ gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye + ????? + + The first command prints a help screen for the keyserver command and + the second command prints the current host table. + + +1.11 Faster keyring format +?????????????????????????? + + The format GnuPG has always used for the public keyring is actually a + slighly extended version of the on-the-wire format for OpenPGP key + exchange. This format is quite inflexible to work with when random + access to keys in the keyring is required. 
In fact /gpg/ always + parsed all keys in the kering until it encountred the desired one. + With a large keyring (more than a few thousand keys) this could be + quite slow. + + From its very beginning /gpgsm/ has used a different format to store + public keys (certificates) which we call a /keybox/. That file format + carries meta information about the stored keys and thus allows + searching without actually parsing the key and computing fingerprints + and such. The /keybox/ format has been designed protocol independent + and with 2.1 support for OpenPGP keys has been added. Random access + to the keys is now really fast and keyrings with 30000 keys and more + are now easily possible. That change also enables us to easily + introduce other storage methods + + If no `pubring.gpg' is found, /gpg/ defaults to the new /keybox/ + format and creates a `pubring.kbx' keybox file. If such a keybox file + already exists, for example due to the use of /gpgsm/, it will also be + used for OpenPGP keys. However, if a `pubring.gpg' is found and no + keybox file with OpenPGP keys exists, the old `pubring.gpg' will be + used. Take care: GnuPG versions before 2.1 will always use the + `pubring.gpg' file and not know anything about keys stored in the + keybox file. + + To convert an existsing `pubring.gpg' file to the keybox format, you + first rename the file to (for example) `publickeys' so it won?t be + recognized by any GnupG version and then you run the command + + ????? + ? $ gpg2 --import publickeys + ????? + + You may then rename the `publickeys' file back so that it can be used + by older GnuPG versions. Remember that in this case you have two + independent copies of the public keys. + + +1.12 Auto-generated revocation certificates +??????????????????????????????????????????? 
+ + This version creates an ASCII armored revocation certificate for each + generated keypair and stores that certificate in a file named after + the fingerprint of the key in the `openpgp-revocs.d' directory below + the GnuPG home directory. Brief instructions on how to use this + revocation certificate are put at the top of the file. + + +1.13 Improved card support +?????????????????????????? + + The /scdaemon/, which is responsible for accessing smardcards and + other tokens, has received may updates. In particilar pluggable USB + readers with a fixed card now work smoothless and simlar to standard + readers. The latest features of the /gnuk/ token are supported. Code + for the HSM smartcard has been added. More card readers with a PIN + pad are supported. The internal CCID driver does now also work with + certain non-auto configration equipped readers. + + +1.14 New format for key listings +???????????????????????????????? + + Due to the introduction of ECC keys the old format to list keys was + not anymore suitable. In particular, the length of an ECC key is + defined but its expressiveness is limited without the other parameters + of the curve. The common way to describe an ECC key is by using the + assigned name of its curve. To allow for a common description we now + either use the algorithm name with appended key length or use the name + of the curve: + + ????? + ? pub 2048D/1E42B367 2007-12-31 [expires: 2018-12-31] + ? pub dsa2048/1E42B367 2007-12-31 [expires: 2018-12-31] + ? pub ed25519/0AA914C9 2014-10-18 + ????? + + The first two lines show the same key in the old format and in the new + format. The third line shows an example of an ECC key using the + ed25519 curve. + + As a further change the validity of a key is now shown by default; + that is `show-uid-validity' is implicitly used for the + `--list-options'. + + The annotated key listing produced by the `--with-colons' options did + not change. 
However a couple of new fields have been added, for + example if the new option `--with-secret-' is used the ?S/N of a token + field? indicates the presence of a secret key even in a public key + listing. This option is supported by recent [GPGME] versions and + makes writing of key manager software easier. + + + [GPGME] https://gnupg.org/related_software/gpgme/ + + +1.15 Support for Putty +?????????????????????? + + On Windows the new option `--enable-putty-support' allows gpg-agent to + act as a replacement for [Putty]?s authentication agent /Pageant/. It + is the Windows counterpart for the `--enable-ssh-support' option as + used on Unix. + + + [Putty] http://www.chiark.greenend.org.uk/~sgtatham/putty/ + + +1.16 Improved X.509 certificate creation +???????????????????????????????????????? + + In addition to an improved certificate signing request menu, it is now + possible to create a self-signed certificate using the interactive + menu of /gpgsm/. + + In batch mode the certificate creation dialog can now be controlled by + a parameter file with several new keywords. Such a parameter file + allows the creation of arbitrary X.509 certificates similar to what + can be done with /openssl/. It may this be used as the base for a CA + software. For details see the ?CSR and certificate creation? section + in the manual. + + The new commands `--export-secret-key-p8' and ?export-secret-key-raw= + may be used to export a secret key directly in PKCS#8 or PKCS#1 + format. Thus X.509 certificates for TLS use may be managed by /gpgsm/ + and directly exported in a format suitable for OpenSSL based servers. + + +1.17 Scripts to create a Windows installer +?????????????????????????????????????????? + + GnuPG now comes with the /speedo/ build system which may be used to + quickly download and build GnuPG and all its direct dependencies on a + decent Unix system. See the README file for more instructions. 
+ + The very same script may also be used to build a complete NSIS based + installer for Windows using the mingw-w64 cross-compiler toolchain. + That installer will feature GnuPG proper, GPA as graphical frontend, + and GpgEX as a Windows Explorer extension. GnuPG needs to be unpacked + and from the top source directory you run this command + + ????? + ? make -f build-aux/speedo.mk w32-installer + ????? + + This command downloads all direct dependencies, checks the signatures + using the GnuPG version from the build system (all Linux distros + feature a suitable GnuPG tool), builds everthing from source, and uses + NSIS to create the installer. Although this sounds easy, some + experience in setting up a development machine is still required. + Some versions of the toolchain exhibit bugs and thus your mileage may + vary. Support for keyserver access over TLS is currently not + available but will be added with one of the next point releases. + + + + # Copyright 2014 The GnuPG Project. + # This work is licensed under the Creative Commons + # Attribution-ShareAlike 4.0 International License. To view a copy of + # this license, visit http://creativecommons.org/licenses/by-sa/4.0/ + # or send a letter to Creative Commons, PO Box 1866, Mountain View, CA + # 94042, USA. + # + # The canonical source for this article can be found in the gnupg-doc + # git repository as web/faq/whats-new-in-2.1.org. commit b3ebecfc7c6f39fb3d84fa9b16d5a6a65f6f7322 Author: Werner Koch Date: Tue Nov 4 16:32:30 2014 +0100 Add open card manufacturer 0x0008. -- diff --git a/g10/card-util.c b/g10/card-util.c index 08a969a..37fa9a6 100644 --- a/g10/card-util.c +++ b/g10/card-util.c 
@@ -209,6 +209,7 @@ get_manufacturer (unsigned int no) case 0x0005: return "ZeitControl"; case 0x0006: return "Yubico"; case 0x0007: return "OpenKMS"; + case 0x0008: return "LogoEmail"; case 0x002A: return "Magrathea"; commit 5e8c5727ab1f84fb60b7579265623bcba5546452 Author: Werner Koch Date: Tue Nov 4 16:31:44 2014 +0100 Remove note about estream from AUTHORS. -- estream has been moved to libgpg-error. diff --git a/AUTHORS b/AUTHORS index faf0c7f..eb42043 100644 --- a/AUTHORS +++ b/AUTHORS @@ -196,10 +196,6 @@ The need for copyright assignments to the FSF has been waived on 2013-03-29; the need for copyright disclaimers for translations already in December 2012. -The files common/libestream.[ch] are maintained as a separate project -by g10 Code GmbH. These files, as used here, are considered part of -GnuPG. - The RPM specs file scripts/gnupg.spec has been contributed by several people. commit cf41763cdf029461f160925e1e3b3593ac292a39 Author: Werner Koch Date: Tue Nov 4 16:28:03 2014 +0100 Change a couple of files to use abbreviated copyright notes. -- Also fixed some of my own copyright notices due to the termination of my assignment. The one displayed by --version is kept at FSF because we had contributors in 2014 with FSF assignments and it gives the FSF some visibility. diff --git a/AUTHORS b/AUTHORS index feede06..faf0c7f 100644 --- a/AUTHORS +++ b/AUTHORS @@ -15,7 +15,7 @@ copyrightable year that would otherwise be listed individually. List of Copyright holders ========================= - Copyright (C) 1997-1998, 2013-2014 Werner Koch + Copyright (C) 1997-2014 Werner Koch Copyright (C) 1994-2013 Free Software Foundation, Inc. Copyright (C) 2003-2013 g10 Code GmbH Copyright (C) 2002 Klar?lvdalens Datakonsult AB 
@@ -224,10 +224,8 @@ at the bottom of this file. ========= - Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, - 2006, 2007, 2008, 2009, 2010, 2011, - 2012, 2013 Free Software Foundation, Inc. - Copyright 1997, 1998, 2013, 2014 Werner Koch + Copyright 1998-2013 Free Software Foundation, Inc. + Copyright 1997-2014 Werner Koch This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/NEWS b/NEWS index 908a12b..802e26e 100644 --- a/NEWS +++ b/NEWS @@ -1,11 +1,13 @@ -Noteworthy changes in version 2.1.0 (unreleased) +Noteworthy changes in version 2.1.0 (2014-11-06) ------------------------------------------------ - * This release introduces a lot of changes. Most of them are - internal and thus not user visible. However, some long standing - behavior has slightly changed and it is strongly suggested that an - existing "~/.gnupg" directory is backed up before this version is - used. + This release introduces a lot of changes. Most of them are internal + and thus not user visible. However, some long standing behavior has + slightly changed and it is strongly suggested that an existing + "~/.gnupg" directory is backed up before this version is used. + + A verbose description of the major new features and changes can be + found in the file doc/whats-new-in-2.1.txt. * gpg: All support for v3 (PGP 2) keys has been dropped. All signatures are now created as v4 signatures. v3 keys will be diff --git a/README b/README index ad52077..fef57aa 100644 --- a/README +++ b/README @@ -2,7 +2,7 @@ ========================= Version 2.1 - Copyright 1997-1998, 2013-2014 Werner Koch + Copyright 1997-2014 Werner Koch Copyright 1998-2013 Free Software Foundation, Inc. 
@@ -164,6 +164,10 @@ * HOW TO GET MORE INFORMATION + A description of new features and changes in version 2.1 can be + found in the file "doc/whats-new-in-2.1.txt" and online at + "https://gnupg.org/faq/whats-new-in-2.1.html" . + The primary WWW page is "https://www.gnupg.org" or using TOR "http://ic6au7wa3f6naxjq.onion" The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/" diff --git a/agent/command-ssh.c b/agent/command-ssh.c index f3ef30c..493011c 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -1,6 +1,6 @@ /* command-ssh.c - gpg-agent's ssh-agent emulation layer - * Copyright (C) 2004, 2005, 2006, 2009, 2012 Free Software Foundation, Inc. - * Copyright (C) 2013, 2014 Werner Koch + * Copyright (C) 2004-2006, 2009, 2012 Free Software Foundation, Inc. + * Copyright (C) 2004-2006, 2009, 2012-2014 Werner Koch * * This file is part of GnuPG. * diff --git a/agent/command.c b/agent/command.c index 7f8759d..11bfbeb 100644 --- a/agent/command.c +++ b/agent/command.c @@ -1,7 +1,6 @@ /* command.c - gpg-agent command handler - * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2008, 2009, 2010, - * 2011 Free Software Foundation, Inc. - * Copyright (C) 2013 Werner Koch + * Copyright (C) 2001-2011 Free Software Foundation, Inc. + * Copyright (C) 2001-2013 Werner Koch * * This file is part of GnuPG. * diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c index 6ea2666..671dd4c 100644 --- a/agent/cvt-openpgp.c +++ b/agent/cvt-openpgp.c @@ -1,6 +1,5 @@ /* cvt-openpgp.c - Convert an OpenPGP key to our internal format. - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2006, 2009, - * 2010 Free Software Foundation, Inc. + * Copyright (C) 1998-2002, 2006, 2009, 2010 Free Software Foundation, Inc. * Copyright (C) 2013, 2014 Werner Koch * * This file is part of GnuPG. diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 3f03ff4..720f5f4 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c 
@@ -1,7 +1,6 @@ /* gpg-agent.c - The GnuPG Agent - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2009, - * 2010 Free Software Foundation, Inc. - * Copyright (C) 2013, 2014 Werner Koch + * Copyright (C) 2000-2007, 2009-2010 Free Software Foundation, Inc. + * Copyright (C) 2000-2014 Werner Koch * * This file is part of GnuPG. * diff --git a/agent/pksign.c b/agent/pksign.c index 0160a11..d737bad 100644 --- a/agent/pksign.c +++ b/agent/pksign.c @@ -1,6 +1,6 @@ /* pksign.c - public key signing (well, actually using a secret key) - * Copyright (C) 2001, 2002, 2003, 2004, 2010 Free Software Foundation, Inc. - * Copyright (C) 2013 Werner Koch + * Copyright (C) 2001-2004, 2010 Free Software Foundation, Inc. + * Copyright (C) 2001-2004, 2010, 2013 Werner Koch * * This file is part of GnuPG. * diff --git a/agent/protect.c b/agent/protect.c index f633d56..01e72c2 100644 --- a/agent/protect.c +++ b/agent/protect.c @@ -1,7 +1,6 @@ /* protect.c - Un/Protect a secret key - * Copyright (C) 1998, 1999, 2000, 2001, 2002, - * 2003, 2007, 2009, 2011 Free Software Foundation, Inc. - * Copyright (C) 2013 Werner Koch + * Copyright (C) 1998-2003, 2007, 2009, 2011 Free Software Foundation, Inc. + * Copyright (C) 1998-2003, 2007, 2009, 2011, 2013 Werner Koch * * This file is part of GnuPG. * diff --git a/common/argparse.c b/common/argparse.c index 844c170..0a36a9e 100644 --- a/common/argparse.c +++ b/common/argparse.c @@ -1,7 +1,6 @@ /* [argparse.c wk 17.06.97] Argument Parser for option handling - * Copyright (C) 1998, 1999, 2000, 2001, 2006 - * 2007, 2008, 2012 Free Software Foundation, Inc. - * Copyright (C) 1997, 2013 Werner Koch + * Copyright (C) 1998-2001, 2006-2008, 2012 Free Software Foundation, Inc. + * Copyright (C) 1997-2001, 2006-2008, 2013 Werner Koch * * This file is part of JNLIB, which is a subsystem of GnuPG. * diff --git a/configure.ac b/configure.ac index ce328e6..8cc06e1 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1,7 +1,6 @@ # configure.ac - for GnuPG 2.1 -# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, -# 2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc. -# Copyright (C) 2013, 2014 Werner Koch +# Copyright (C) 1998-2012 Free Software Foundation, Inc. +# Copyright (C) 1998-2014 Werner Koch # # This file is part of GnuPG. # diff --git a/g10/card-util.c b/g10/card-util.c index d7a6754..08a969a 100644 --- a/g10/card-util.c +++ b/g10/card-util.c @@ -1,5 +1,6 @@ /* card-util.c - Utility functions for the OpenPGP card. - * Copyright (C) 2003, 2004, 2005, 2009 Free Software Foundation, Inc. + * Copyright (C) 2003-2005, 2009 Free Software Foundation, Inc. + * Copyright (C) 2003-2005, 2009 Werner Koch * * This file is part of GnuPG. * diff --git a/g10/gpg.c b/g10/gpg.c index 470d152..c188d4a 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -1,7 +1,6 @@ /* gpg.c - The GnuPG utility (main for gpg) - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 - * 2008, 2009, 2010, 2011 Free Software Foundation, Inc. - * Copyright (C) 2013, 2014 Werner Koch + * Copyright (C) 1998-2011 Free Software Foundation, Inc. + * Copyright (C) 1997-2014 Werner Koch * * This file is part of GnuPG. * diff --git a/g10/options.skel b/g10/options.skel index 9303f79..20b5711 100644 --- a/g10/options.skel +++ b/g10/options.skel @@ -2,8 +2,8 @@ # the users home directory. # $Id$ # Options for GnuPG -# Copyright 1998, 1999, 2000, 2001, 2002, 2003, -# 2010 Free Software Foundation, Inc. +# Copyright 1998-2003, 2010 Free Software Foundation, Inc. +# Copyright 1998-2003, 2010 Werner Koch # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without diff --git a/scd/scdaemon.c b/scd/scdaemon.c index 9c55297..a1f45e2 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c 
@@ -1,6 +1,6 @@ /* scdaemon.c - The GnuPG Smartcard Daemon - * Copyright (C) 2001, 2002, 2004, 2005, - * 2007, 2008, 2009 Free Software Foundation, Inc. + * Copyright (C) 2001-2002, 2004-2005, 2007-2009 Free Software Foundation, Inc. + * Copyright (C) 2001-2002, 2004-2005, 2007-2014 Werner Koch * * This file is part of GnuPG. * diff --git a/sm/gpgsm.c b/sm/gpgsm.c index cc8039c..03b9bb9 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -1,6 +1,6 @@ /* gpgsm.c - GnuPG for S/MIME - * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, - * 2010 Free Software Foundation, Inc. + * Copyright (C) 2001-2008, 2010 Free Software Foundation, Inc. + * Copyright (C) 2001-2008, 2010 Werner Koch * * This file is part of GnuPG. * commit 587a0956b9d3292452a700d96e8d89a0b4bbae0f Author: Werner Koch Date: Tue Nov 4 10:52:46 2014 +0100 gpg: Print use --full-gen-key note using the installed name of gpg. -- diff --git a/g10/keygen.c b/g10/keygen.c index 7aff438..2610af5 100644 --- a/g10/keygen.c +++ b/g10/keygen.c 
@@ -3722,7 +3722,7 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname, { tty_printf ( _("Note: Use \"%s %s\"" " for a full featured key generation dialog.\n"), - GPG_NAME, "--full-gen-key" ); + NAME_OF_INSTALLED_GPG, "--full-gen-key" ); para = quickgen_set_para (para, 0, DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE, DEFAULT_STD_CURVE); ----------------------------------------------------------------------- Summary of changes: AUTHORS | 12 +- NEWS | 14 +- README | 6 +- agent/command-ssh.c | 4 +- agent/command.c | 5 +- agent/cvt-openpgp.c | 3 +- agent/gpg-agent.c | 5 +- agent/pksign.c | 4 +- agent/protect.c | 5 +- common/argparse.c | 5 +- configure.ac | 5 +- doc/DETAILS | 2 +- doc/Makefile.am | 2 +- doc/gpgsm.texi | 2 +- doc/whats-new-in-2.1.txt | 712 ++++++++++++++++++++++++++++++++++++++++++++++ g10/card-util.c | 4 +- g10/gpg.c | 5 +- g10/keygen.c | 2 +- g10/options.skel | 4 +- scd/scdaemon.c | 4 +- sm/gpgsm.c | 4 +- 21 files changed, 758 insertions(+), 51 deletions(-) create mode 100644 doc/whats-new-in-2.1.txt hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 5 08:27:39 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 05 Nov 2014 08:27:39 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta895-29-gb453226 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b453226f566b92be0d339d3126eaba75237e97fb (commit) via 91b826a38880fd8a989318585eb502582636ddd8 (commit) via 46fa1e0fe9f7407f12aa854e5cdb54624af3e89b (commit) from e568b488e75aeb59b0930bb810186c65e343894c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b453226f566b92be0d339d3126eaba75237e97fb Author: Werner Koch Date: Wed Nov 5 08:27:47 2014 +0100 po: Auto update. -- Due to removed strings. diff --git a/po/de.po b/po/de.po index f15de3c..5f00126 100644 --- a/po/de.po +++ b/po/de.po @@ -1643,11 +1643,6 @@ msgstr "" msgid "using subkey %s instead of primary key %s\n" msgstr "der Unterschl??ssel %s wird anstelle des Hauptschl??ssels %s verwendet\n" -#, c-format -msgid "no secret subkey for public subkey %s - ignoring\n" -msgstr "" -"Kein privater Unterschl??ssel zum ??ffentlichen Unterschl??ssel %s - ignoriert\n" - msgid "make a signature" msgstr "Eine Signatur erzeugen" @@ -8019,6 +8014,11 @@ msgstr "" "Syntax: gpg-check-pattern [optionen] Musterdatei\n" "Die von stdin gelesene Passphrase gegen die Musterdatei pr??fen\n" +#~ msgid "no secret subkey for public subkey %s - ignoring\n" +#~ msgstr "" +#~ "Kein privater Unterschl??ssel zum ??ffentlichen Unterschl??ssel %s - " +#~ "ignoriert\n" + #~ msgid "use a standard location for the socket" #~ msgstr "Benutze einen Standardnamen f??r den Socket" diff --git a/po/ja.po b/po/ja.po index 0faf222..db6258e 100644 --- a/po/ja.po +++ b/po/ja.po 
@@ -955,6 +955,11 @@ msgstr "?????????????????????????????????" msgid "missing argument" msgstr "?????????????????????" +#, fuzzy +#| msgid "invalid value\n" +msgid "invalid argument" +msgstr "????????????\n" + msgid "invalid command" msgstr "?????????????????????" @@ -971,6 +976,11 @@ msgstr "????????????????????????" msgid "missing argument for option \"%.50s\"\n" msgstr "???????????????\"%.50s\"???????????????????????????\n" +#, fuzzy, c-format +#| msgid "missing argument for option \"%.50s\"\n" +msgid "invalid argument for option \"%.50s\"\n" +msgstr "???????????????\"%.50s\"???????????????????????????\n" + #, c-format msgid "option \"%.50s\" does not expect an argument\n" msgstr "???????????????\"%.50s\"???????????????????????????\n" @@ -1606,10 +1616,6 @@ msgstr "--allow-non-selfsigned-uid?????????????????????????????????%s??????\n" msgid "using subkey %s instead of primary key %s\n" msgstr "??????%s(??????%s????????????)???????????????\n" -#, c-format -msgid "no secret subkey for public subkey %s - ignoring\n" -msgstr "????????????%s????????????????????????????????????????????? - ??????\n" - msgid "make a signature" msgstr "???????????????" @@ -7776,6 +7782,9 @@ msgstr "" "??????: gpg-check-pattern [???????????????] ????????????????????????\n" "????????????????????????????????????????????????????????????????????????????????????\n" +#~ msgid "no secret subkey for public subkey %s - ignoring\n" +#~ msgstr "????????????%s????????????????????????????????????????????? - ??????\n" + #, fuzzy #~| msgid "Note: no default option file '%s'\n" #~ msgid "NOTE: no default option file '%s'\n" diff --git a/po/uk.po b/po/uk.po index 2fc151c..2900ef1 100644 --- a/po/uk.po +++ b/po/uk.po 
@@ -977,6 +977,11 @@ msgstr "?????????????? ?????????? ?????????????? ??????????" msgid "missing argument" msgstr "???? ???????????????? ??????????????????" +#, fuzzy +#| msgid "invalid value\n" +msgid "invalid argument" +msgstr "???????????????????? ????????????????\n" + msgid "invalid command" msgstr "???????????????????? ??????????????" @@ -993,6 +998,11 @@ msgstr "?????????????????????? ????????????????" msgid "missing argument for option \"%.50s\"\n" msgstr "???? ?????????????? ?????????????????? ???? ?????????????????? ??%.50s??\n" +#, fuzzy, c-format +#| msgid "missing argument for option \"%.50s\"\n" +msgid "invalid argument for option \"%.50s\"\n" +msgstr "???? ?????????????? ?????????????????? ???? ?????????????????? ??%.50s??\n" + #, c-format msgid "option \"%.50s\" does not expect an argument\n" msgstr "?????? ?????????????????? ??%.50s?? ?????????????????? ???? ???????????????? ??????????????????\n" @@ -1646,10 +1656,6 @@ msgstr "" msgid "using subkey %s instead of primary key %s\n" msgstr "???????????????????????????? ?????????????? %s ?????????????? ?????????????????? ?????????? %s\n" -#, c-format -msgid "no secret subkey for public subkey %s - ignoring\n" -msgstr "?????????? ?????????????????? ???????????????? ?????? ???????????????????? ???????????????? %s ??? ??????????????????????\n" - msgid "make a signature" msgstr "???????????????? ????????????" 
@@ -7991,6 +7997,9 @@ msgstr "" "??????????????????: gpg-check-pattern [??????????????????] ????????_????????????????\n" "???????????????????? ????????????, ???????????????? ?? stdin, ???? ?????????????????? ??????????_????????????????\n" +#~ msgid "no secret subkey for public subkey %s - ignoring\n" +#~ msgstr "?????????? ?????????????????? ???????????????? ?????? ???????????????????? ???????????????? %s ??? ??????????????????????\n" + #, fuzzy #~| msgid "Note: no default option file '%s'\n" #~ msgid "NOTE: no default option file '%s'\n" commit 91b826a38880fd8a989318585eb502582636ddd8 Author: Werner Koch Date: Wed Nov 5 08:23:15 2014 +0100 Avoid sign extension when shifting the MSB. * sm/fingerprint.c (gpgsm_get_short_fingerprint): Cast MSB before shifting. * g10/build-packet.c (delete_sig_subpkt): Ditto. Signed-off-by: Werner Koch diff --git a/g10/build-packet.c b/g10/build-packet.c index c04abab..6bd1c9b 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -618,8 +618,10 @@ delete_sig_subpkt (subpktarea_t *area, sigsubpkttype_t reqtype ) if( n == 255 ) { if( buflen < 4 ) break; - n = (buffer[0] << 24) | (buffer[1] << 16) - | (buffer[2] << 8) | buffer[3]; + n = (((size_t)buffer[0] << 24) + | (buffer[1] << 16) + | (buffer[2] << 8) + | buffer[3]); buffer += 4; buflen -= 4; } diff --git a/sm/fingerprint.c b/sm/fingerprint.c index b0c7608..b849afb 100644 --- a/sm/fingerprint.c +++ b/sm/fingerprint.c 
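Review bot: The reason for the new cast in `delete_sig_subpkt` is not recorded next to the code, and the same four-byte big-endian decode is open-coded again in `gpgsm_get_short_fingerprint` (sm/fingerprint.c) with a different cast type (`size_t` here, `unsigned long` there). Without the cast, `buffer[0] << 24` is evaluated as `int`, so a first byte of 0x80 or above yields a negative value that is sign-extended when widened to a 64-bit `size_t`, turning a length read from packet data into a huge one. I would add a comment above the assignment such as `/* Cast before shifting: as int, buffer[0] << 24 would sign-extend into n. */` and the equivalent one in fingerprint.c. Since `n` comes from the subpacket area, the comparison of `n` against the remaining `buflen` should stay directly after this block; the function continues outside the hunk, so that check cannot be confirmed from here.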
@@ -149,8 +149,14 @@ gpgsm_get_short_fingerprint (ksba_cert_t cert, unsigned long *r_high)
 gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL);
 if (r_high)
- *r_high = ((digest[12]<<24)|(digest[13]<<16)|(digest[14]<< 8)|digest[15]);
- return ((digest[16]<<24)|(digest[17]<<16)|(digest[18]<< 8)|digest[19]);
+ *r_high = (((unsigned long)digest[12]<<24)
+ |(digest[13]<<16)
+ |(digest[14]<< 8)
+ |digest[15]);
+ return (((unsigned long)digest[16]<<24)
+ |(digest[17]<<16)
+ |(digest[18]<<8)
+ |digest[19]);
 }
commit 46fa1e0fe9f7407f12aa854e5cdb54624af3e89b Author: Werner Koch Date: Tue Nov 4 21:47:03 2014 +0100 Remove all expired common CA certificates. * doc/com-certs.pem: Remove certifciates. -- They might be useful for the chain validation mode but I doubt that it is used often enough to justify having all these expired certificates in the store.
diff --git a/doc/com-certs.pem b/doc/com-certs.pem
index b3d5fa2..33dd40c 100644
--- a/doc/com-certs.pem
+++ b/doc/com-certs.pem
@@ -46,441 +46,6 @@ zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD -----END CERTIFICATE----- -Issuer ...: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=Regulierungsbeh?orde f?ur Telekommunikation und Post/C=DE -Serial ...: 32D18D -Subject ..: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=Regulierungsbeh?orde f?ur Telekommunikation und Post/C=DE - ------BEGIN CERTIFICATE----- -MIICaDCCAdSgAwIBAgIDMtGNMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w -OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0 -aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNhIDE6UE4w -IhgPMjAwMTAyMDEwOTUyMTdaGA8yMDA1MDYwMTA5NTIxN1owbzELMAkGA1UEBhMC -REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11 -bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNlItQ2Eg -MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAg6KrFSTNXKqe+2GKGeW2 -wTmbVeflNkp5H/YxA9K1zmEn5XjKm0S0jH4Wfms6ipPlURVaFwTfnB1s++AnJAWf -mayaE9BP/pdIY6WtZGgW6aZc32VDMCMKPWyBNyagsJVDmzlakIA5cXBVa7Xqqd3P -ew8i2feMnQXcqHfDv02CW88CBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG -KyQDAwECBQADgYEAOkqkUwdaTCt8wcJLA2zLuOwL5ADHMWLhv6gr5zEF+VckA6qe -IVLVf8e7fYlRmzQd+5OJcGglCQJLGT+ZplI3Mjnrd4plkoTNKV4iOzBcvJD7K4tn -XPvs9wCFcC7QU7PLvc1FDsAlr7e4wyefZRDL+wbqNfI7QZTSF1ubLd9AzeQ= ------END CERTIFICATE----- - -Issuer ...: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE -Serial ...: 2A -Subject ..: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE - ------BEGIN CERTIFICATE----- -MIIDoTCCAw2gAwIBAgIBKjAKBgYrJAMDAQIFADA/MQswCQYDVQQGEwJERTEaMBgG -A1UECgwRQnVuZGVzbmV0emFnZW50dXIxFDASBgNVBAMMCzEwUi1DQSAxOlBOMB4X -DTA1MDgwMzE1MzAzNloXDTA3MTIzMTE1MDkyM1owPzELMAkGA1UEBhMCREUxGjAY -BgNVBAoMEUJ1bmRlc25ldHphZ2VudHVyMRQwEgYDVQQDDAsxMFItQ0EgMTpQTjCB -oDANBgkqhkiG9w0BAQEFAAOBjgAwgYoCgYEAiHXC5/hw6rYNc/4cilHLjd/SqwS3 -4LaogQHZVFciyYJ0+5gAfca/kLnPEvOUuYSYNfb2ar0e/iDPxZAAEfqfVGuRT9Pa -R7hWvPiZUFpoGcNvyOVxKuM9Iyx/i1wan/wS6u12QIgGBUek5ig1+TTwuuNcanlW -kQPuodHs+BoUGHMCBEAAAIGjggGwMIIBrDAOBgNVHQ8BAf8EBAMCAgQwGAYIKwYB 
-BQUHAQMEDDAKMAgGBgQAjkYBATBKBggrBgEFBQcBAQQ+MDwwOgYIKwYBBQUHMAGG -Lmh0dHA6Ly9vY3NwLm5yY2EtZHMuZGU6ODA4MC9vY3NwLW9jc3ByZXNwb25kZXIw -EgYDVR0gBAswCTAHBgUrJAgBATCBsQYDVR0fBIGpMIGmMIGjoIGgoIGdhoGabGRh -cDovL2xkYXAubnJjYS1kcy5kZTozODkvQ049Q1JMLE89QnVuZGVzbmV0emFnZW50 -dXIsQz1ERSxkYz1sZGFwLGRjPW5yY2EtZHMsZGM9ZGU/Y2VydGlmaWNhdGVSZXZv -Y2F0aW9uTGlzdDtiaW5hcnk/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRp -b25Qb2ludDAbBgkrBgEEAcBtAwUEDjAMBgorBgEEAcBtAwUBMA8GA1UdEwEB/wQF -MAMBAf8wHwYDVR0jBBgwFoAUw8916sARU0UT/pdlYwBpUwKWuWQwHQYDVR0OBBYE -FMPPderAEVNFE/6XZWMAaVMClrlkMAoGBiskAwMBAgUAA4GBAGXK8m/O9KmfaZuA -1GzMyasIHx8Lu+V0da8NTZzAmqAl+44MtS4QNcZdtxsDvOcqHHs1Tosh9D398hSG -hXd6gjniKWxMKvjL8TQKu999QIn6YKLCowjUYpp8v4B9X8jNa9vJy2EzoPOBmdWT -l5hhXfvWpPe68kN9zaEmcDO+m60H ------END CERTIFICATE----- - -Issuer ...: /CN=9R-CA 1:PN/O=Regulierungsbeh?rde f?r Telekommunikation und Post/C=DE -Serial ...: 02 -Subject ..: /CN=9R-CA 1:PN/O=Regulierungsbeh?rde f?r Telekommunikation und Post/C=DE - ------BEGIN CERTIFICATE----- -MIIEEjCCA36gAwIBAgIBAjAKBgYrJAMDAQIFADBhMQswCQYDVQQGEwJERTE9MDsG -A1UECgw0UmVndWxpZXJ1bmdzYmVow7ZyZGUgZsO8ciBUZWxla29tbXVuaWthdGlv -biB1bmQgUG9zdDETMBEGA1UEAwwKOVItQ0EgMTpQTjAeFw0wNDExMjUxNDU5MTFa -Fw0wNzEyMzExNDU2NTlaMGExCzAJBgNVBAYTAkRFMT0wOwYDVQQKDDRSZWd1bGll -cnVuZ3NiZWjDtnJkZSBmw7xyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0MRMw -EQYDVQQDDAo5Ui1DQSAxOlBOMIGgMA0GCSqGSIb3DQEBAQUAA4GOADCBigKBgQCN -0ECEO2KjPsHBz2cmOSePEmKEH33Q/vRUl1u8D2Uus3txZgqRvCs0F7HzAtDJKSap -C1+qj5t1R4g8jrlWwsqi+oOc3bpUuPMLo+ys9PG7ODK+xZuwFlezO6rj30mEj+y0 -HMxCaTAedim2J5CmWcqQtATGGzwqYHEVFYo0y5kuuQIEQAAAgaOCAd0wggHZMA4G -A1UdDwEB/wQEAwICBDAYBggrBgEFBQcBAwQMMAowCAYGBACORgEBMEoGCCsGAQUF -BwEBBD4wPDA6BggrBgEFBQcwAYYuaHR0cDovL29jc3AubnJjYS1kcy5kZTo4MDgw -L29jc3Atb2NzcHJlc3BvbmRlcjASBgNVHSAECzAJMAcGBSskCAEBMIHeBgNVHR8E -gdYwgdMwgdCggc2ggcqGgcdsZGFwOi8vbGRhcC5ucmNhLWRzLmRlOjM4OS9DTj1D -UkwsTz1SZWd1bGllcnVuZ3NiZWglRjZyZGUlMjBmJUZDciUyMFRlbGVrb21tdW5p -a2F0aW9uJTIwdW5kJTIwUG9zdCxDPURFLGRjPWxkYXAsZGM9bnJjYS1kcyxkYz1k 
-ZT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeT9iYXNlP29iamVjdENs -YXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MBsGCSsGAQQBwG0DBQQOMAwGCisGAQQB -wG0DBQEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRnBgT5ZxC7e1vJLBj+ -92+P1kZrJzAdBgNVHQ4EFgQUZwYE+WcQu3tbySwY/vdvj9ZGaycwCgYGKyQDAwEC -BQADgYEACAnkgbAd47VgJqu5CY3B6AlxbGkor2guYHXO+KgBkQeXDVWt4ZvN9hY2 -blhPMc/sLv+Tmg9zjyzjqQdxhWXUDoctorBny8LQQQvMqAtc8qk6DL+X0heq1U2k -s1e8wj9AUGOfvmSL/r1BWPzLOCWay2bHQCQ1sU5QnvNbmJO21GI= ------END CERTIFICATE----- - -Issuer ...: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE -Serial ...: 2D -Subject ..: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE - ------BEGIN CERTIFICATE----- -MIIDoTCCAw2gAwIBAgIBLTAKBgYrJAMDAQIFADA/MQswCQYDVQQGEwJERTEaMBgG -A1UECgwRQnVuZGVzbmV0emFnZW50dXIxFDASBgNVBAMMCzExUi1DQSAxOlBOMB4X -DTA1MDgwMzE4MDk0OVoXDTA3MTIzMTE4MDQyOFowPzELMAkGA1UEBhMCREUxGjAY -BgNVBAoMEUJ1bmRlc25ldHphZ2VudHVyMRQwEgYDVQQDDAsxMVItQ0EgMTpQTjCB -oDANBgkqhkiG9w0BAQEFAAOBjgAwgYoCgYEAkodoSFtoGjJphYloxQLsmyOe/M5h -UpURxSkop41MtGlrHeOeQsxMSRdCJInwjLKZg9Pxd92QFsB3f6AJUGTO7z6PJ/ST -+m0EBksoPtciWLYtlRXtD/RK6mUB7CG5CfqK6AUHbWtXW6mNAZLoJOd0jLsQCUi8 -XmHP92vfmW2ptSkCBEAAAIGjggGwMIIBrDAOBgNVHQ8BAf8EBAMCAgQwGAYIKwYB -BQUHAQMEDDAKMAgGBgQAjkYBATBKBggrBgEFBQcBAQQ+MDwwOgYIKwYBBQUHMAGG -Lmh0dHA6Ly9vY3NwLm5yY2EtZHMuZGU6ODA4MC9vY3NwLW9jc3ByZXNwb25kZXIw -EgYDVR0gBAswCTAHBgUrJAgBATCBsQYDVR0fBIGpMIGmMIGjoIGgoIGdhoGabGRh -cDovL2xkYXAubnJjYS1kcy5kZTozODkvQ049Q1JMLE89QnVuZGVzbmV0emFnZW50 -dXIsQz1ERSxkYz1sZGFwLGRjPW5yY2EtZHMsZGM9ZGU/Y2VydGlmaWNhdGVSZXZv -Y2F0aW9uTGlzdDtiaW5hcnk/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRp -b25Qb2ludDAbBgkrBgEEAcBtAwUEDjAMBgorBgEEAcBtAwUBMA8GA1UdEwEB/wQF -MAMBAf8wHwYDVR0jBBgwFoAUXYAPovSdSBb8oBS7lEJmWSK6incwHQYDVR0OBBYE -FF2AD6L0nUgW/KAUu5RCZlkiuop3MAoGBiskAwMBAgUAA4GBAIxx56h5+p2lqK0v -hRVwkWAAPduspH4U9q7QsFIWbEkFe+2TcXx7MV9NAUe4kN9MsN9CEgSSeLDfpIFA -uyHndqgmDaqXmWSDl2QutHQwSj8a04bSNbY7s0FUCMqrr/465Rf6quIWi7qXhwDe -yDmXv3nzPTGVM3F+aavJCybjJ1qk ------END CERTIFICATE----- - -Issuer ...: /CN=12R-CA 
1:PN/O=Bundesnetzagentur/C=DE -Serial ...: 0139 -Subject ..: /CN=12R-CA 1:PN/O=Bundesnetzagentur/C=DE - ------BEGIN CERTIFICATE----- -MIIErTCCA5WgAwIBAgICATkwDQYJKoZIhvcNAQENBQAwPzELMAkGA1UEBhMCREUx -GjAYBgNVBAoMEUJ1bmRlc25ldHphZ2VudHVyMRQwEgYDVQQDDAsxMlItQ0EgMTpQ -TjAeFw0wNzA1MjUxMTAxNDRaFw0xMjA1MjUxMDU2MDdaMD8xCzAJBgNVBAYTAkRF -MRowGAYDVQQKDBFCdW5kZXNuZXR6YWdlbnR1cjEUMBIGA1UEAwwLMTJSLUNBIDE6 -UE4wggEjMA0GCSqGSIb3DQEBAQUAA4IBEAAwggELAoIBAQCYOqYxUqr6ZdlIuVaz -1raETmld82tCCFjUnIlHGpaTbBGQ9ddW4pdkdNmK4dHDesAnGFB6tgZzFTYivjTY -Jyzv3NunMth8AjwCivQ0u2RBlunY2jg6dNSeTwGlmOlG709HgWPHvvAboqLDoV81 -knMbNbG4P7Ff/+lsTnbN/gT0X5fHUz5UO3eowyl2kD6GBZwb+noR/86U0V39yXsk -ZD/NNBXKOzKo9VXx09S1Uq027Cc+VIa62DWUeUGiUDjCXXJoaAF2wQcD/crrAJlU -zeOVZkSzRJXpjpG8kZhKgSgOpgfnpjDXAXWbkJuyDL2fqXLPxAyBq3ThgUHZT99s -QSd3AgRAAACBo4IBsDCCAawwDgYDVR0PAQH/BAQDAgIEMBgGCCsGAQUFBwEDBAww -CjAIBgYEAI5GAQEwSgYIKwYBBQUHAQEEPjA8MDoGCCsGAQUFBzABhi5odHRwOi8v -b2NzcC5ucmNhLWRzLmRlOjgwODAvb2NzcC1vY3NwcmVzcG9uZGVyMBIGA1UdIAQL -MAkwBwYFKyQIAQEwgbEGA1UdHwSBqTCBpjCBo6CBoKCBnYaBmmxkYXA6Ly9sZGFw -Lm5yY2EtZHMuZGU6Mzg5L0NOPUNSTCxPPUJ1bmRlc25ldHphZ2VudHVyLEM9REUs -ZGM9bGRhcCxkYz1ucmNhLWRzLGRjPWRlP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxp -c3Q7YmluYXJ5P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQw -GwYJKwYBBAHAbQMFBA4wDAYKKwYBBAHAbQMFATAPBgNVHRMBAf8EBTADAQH/MB8G -A1UdIwQYMBaAFATenX/fQ3KJumlJAfToSSjeAhlvMB0GA1UdDgQWBBQE3p1/30Ny -ibppSQH06Eko3gIZbzANBgkqhkiG9w0BAQ0FAAOCAQEADf4IOMHGmSpkPc1UP0LS -sK8Y/xXvOgdHPx4f2CpcgUKRRk+Ue9MKiZG0KCFaNK9Qpnxejuk42Iu3flC5kn8T -fPQWtxC3ZQqD8sd6EX/FDdfkHJFJ9rIYKiSG6m2PDBUcbpQZ9kwhC7qCKE1coUhb -FW3WbntkDtrQycz7ZyQ6Ip+PpRoxwToJqTsExb+8whukhOo1vsgdaMZS/6iwwVkt -rJvl7EWMJVWctm15iDQzp4sawgSOg7U5icyTb1q+FqI5KlAfd/dRbv2yvThiOl7+ -bfN9Brosoxtwi/uJO8vSGOCIUUkiGhIk7+OX+mvppTG+7R1Jn6Af6AOzGSbQz5Ks -Uw== ------END CERTIFICATE----- - -Issuer ...: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE -Serial ...: 013C -Subject ..: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE - ------BEGIN CERTIFICATE----- 
-MIIErTCCA5WgAwIBAgICATwwDQYJKoZIhvcNAQENBQAwPzELMAkGA1UEBhMCREUx -GjAYBgNVBAoMEUJ1bmRlc25ldHphZ2VudHVyMRQwEgYDVQQDDAsxM1ItQ0EgMTpQ -TjAeFw0wNzA1MjkxMTAyMzdaFw0xMjA1MjkxMDU1NTRaMD8xCzAJBgNVBAYTAkRF -MRowGAYDVQQKDBFCdW5kZXNuZXR6YWdlbnR1cjEUMBIGA1UEAwwLMTNSLUNBIDE6 -UE4wggEjMA0GCSqGSIb3DQEBAQUAA4IBEAAwggELAoIBAQCaXK0TY+Vp+Hxx8B9D -lrHkc0zRdhXNuDP4Cedl9e6wPwdi90HVEjDK3FoDv7UPBtgGwMzRUQVIz/etbcQr -tnGwSQlsDI/Q5R1HAh241+/rWYodi6OqNsNeb065RRBlwHAa4uvT3b/Cj/OJI5Kp -6qRPquK0iuMaFwuxGCxfhTLOmmGVNYOE7/9UzKXA2yvthY3jfmIm18l/z08PgUYj -rjENdrez3ZRgjZ/XsXSNw3B2K3cZQ+xRP4rqfkmfPO8T6UhOeoiQFx2v1PizBWRQ -uiUtFjrCiaDeBjo3kfGgbpdPnHzqUEoEOyAlsglFLJC9xaCiLtt2ic1/1OFFlNgQ -tLJLAgRAAACBo4IBsDCCAawwDgYDVR0PAQH/BAQDAgIEMBgGCCsGAQUFBwEDBAww -CjAIBgYEAI5GAQEwSgYIKwYBBQUHAQEEPjA8MDoGCCsGAQUFBzABhi5odHRwOi8v -b2NzcC5ucmNhLWRzLmRlOjgwODAvb2NzcC1vY3NwcmVzcG9uZGVyMBIGA1UdIAQL -MAkwBwYFKyQIAQEwgbEGA1UdHwSBqTCBpjCBo6CBoKCBnYaBmmxkYXA6Ly9sZGFw -Lm5yY2EtZHMuZGU6Mzg5L0NOPUNSTCxPPUJ1bmRlc25ldHphZ2VudHVyLEM9REUs -ZGM9bGRhcCxkYz1ucmNhLWRzLGRjPWRlP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxp -c3Q7YmluYXJ5P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQw -GwYJKwYBBAHAbQMFBA4wDAYKKwYBBAHAbQMFATAPBgNVHRMBAf8EBTADAQH/MB8G -A1UdIwQYMBaAFAYenQPZrutto05LK939ru/TEqiNMB0GA1UdDgQWBBQGHp0D2a7r -baNOSyvd/a7v0xKojTANBgkqhkiG9w0BAQ0FAAOCAQEADrtfqJ8lnYsVyV5YK/H/ -evPf9LY1AfuuQkMkm9UP9a9BBQINoIULB+n+gF/c0dxEboF74Ikp08dhDOq0mjvj -f0lpsBPgX/eN9IOWdMBs3rKIXn7suOoUtnBuFgW6fJ32CPTLUQd5Dqv9DizTiKMf -X66oMBQD784IKya1bLaJd7x1UXtP1h2DAej1scF9DbiDDDieuid0wyibrPDgjUN1 -tbYiLH2did0zZRLlp6gDpgh4t8Efqb7XDijKzQHvWKzr4IALTpYoD42yeslMa5yV -mm15NhiRGAdX+JbvYgfP3aDIMX/yoaMB8GXEUq7CmFhAwpxfhy/oyvswX5MyE8D2 -Lw== ------END CERTIFICATE----- - - -Issuer ...: /CN=8R-CA 1:PN/O=Regulierungsbeh?rde f?r Telekommunikation und Post/C=DE -Serial ...: 01 -Subject ..: /CN=8R-CA 1:PN/O=Regulierungsbeh?rde f?r Telekommunikation und Post/C=DE - ------BEGIN CERTIFICATE----- -MIIEEjCCA36gAwIBAgIBATAKBgYrJAMDAQIFADBhMQswCQYDVQQGEwJERTE9MDsG 
-A1UECgw0UmVndWxpZXJ1bmdzYmVow7ZyZGUgZsO8ciBUZWxla29tbXVuaWthdGlv -biB1bmQgUG9zdDETMBEGA1UEAwwKOFItQ0EgMTpQTjAeFw0wNDExMjUxNDEwMzda -Fw0wNzEyMzExNDA0MDNaMGExCzAJBgNVBAYTAkRFMT0wOwYDVQQKDDRSZWd1bGll -cnVuZ3NiZWjDtnJkZSBmw7xyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0MRMw -EQYDVQQDDAo4Ui1DQSAxOlBOMIGgMA0GCSqGSIb3DQEBAQUAA4GOADCBigKBgQCS -DvtngJbI4K8sbCHFfCalXaDa7xgc2pdsL2oQlgZygt1EY5ZgZB93JThnDSaDzdLj -ZIPrXJLxCOLq6Kmxj63V9p9WUaF5nz/6PVRMmLzI7cvh5QDjsX4ZmEzm/it7e/YH -vC1Yiw5bTULjwVZ27vqO64mhplQM3HKVgk6FX51XnwIEQAAAgaOCAd0wggHZMA4G -A1UdDwEB/wQEAwICBDAYBggrBgEFBQcBAwQMMAowCAYGBACORgEBMEoGCCsGAQUF -BwEBBD4wPDA6BggrBgEFBQcwAYYuaHR0cDovL29jc3AubnJjYS1kcy5kZTo4MDgw -L29jc3Atb2NzcHJlc3BvbmRlcjASBgNVHSAECzAJMAcGBSskCAEBMIHeBgNVHR8E -gdYwgdMwgdCggc2ggcqGgcdsZGFwOi8vbGRhcC5ucmNhLWRzLmRlOjM4OS9DTj1D -UkwsTz1SZWd1bGllcnVuZ3NiZWglRjZyZGUlMjBmJUZDciUyMFRlbGVrb21tdW5p -a2F0aW9uJTIwdW5kJTIwUG9zdCxDPURFLGRjPWxkYXAsZGM9bnJjYS1kcyxkYz1k -ZT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeT9iYXNlP29iamVjdENs -YXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MBsGCSsGAQQBwG0DBQQOMAwGCisGAQQB -wG0DBQEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTuKY5dMBMWc1wFL/fr -arlCuHKNBDAdBgNVHQ4EFgQU7imOXTATFnNcBS/362q5QrhyjQQwCgYGKyQDAwEC -BQADgYEAbDMwH4zJB/0qgmbBWvvCGJsm9lmLzLdOcB8HCm1EvlCLqaCX7TwoUuBN -voxU9OHt1wAbChNP+ueDmI/0u2KRNv6/t4cOB8d4navwsW5nmknSzdZ6UZTUfmCr -n6XIdUtl2hkiFlQpCvCIBFj/+PjQRMdovRN42EQ9XVhb5B2MGv8= ------END CERTIFICATE----- - -Issuer ...: /CN=7R-CA 1:PN/NameDistinguisher=1/O=Regulierungsbeh?orde f?ur Telekommunikation und Post/C=DE -Serial ...: 00C48C8D -Subject ..: /CN=7R-CA 1:PN/NameDistinguisher=1/O=Regulierungsbeh?orde f?ur Telekommunikation und Post/C=DE - ------BEGIN CERTIFICATE----- -MIICaTCCAdWgAwIBAgIEAMSMjTAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9 -MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWth -dGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo3Ui1DQSAxOlBO -MCIYDzIwMDExMDE1MTExNTE1WhgPMjAwNjAyMTUxMTE1MTVaMG8xCzAJBgNVBAYT 
-AkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21t -dW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjdSLUNB -IDE6UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGLAoGBAIqJA/4+pRD+BXsRd+ej -qVObXlKRhn1CoyKxVwR3O/RtE1M4FcajKDdT1p1pLULyqPBE2roMS5D/f83192gE -Mw1uGZIusehg6n8tPQIJPkSb4X22yM0ZFeLAQXKNJ+98e03xv/TU4Fa//elPiPs/ -9Y99Gm6DOvTpCxIY8QK9Pxm7AgUAwAAAAaMSMBAwDgYDVR0PAQH/BAQDAgEGMAoG -BiskAwMBAgUAA4GBADnITH+fLD0qsWcAncwPztzTAnqUw9O0+yvfmxvEU0zcJRuF -Tl8DK+/aKp4SwVhRJZlWxenHzkjWynsUXBUv878gizllRpA7265REyHQki4NnxAi -OGxEVGe/NbGeU88Pgnk7alhtdA/Ty8/WX9a3U/0G4pLaJppxGSm+ypQZ0XOY ------END CERTIFICATE----- - - -Issuer ...: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE -Serial ...: 00B95F -Subject ..: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE - aka ..: info at d-trust.net - aka ..: (uri http://www.d-trust.net) - ------BEGIN CERTIFICATE----- -MIIFCjCCA/KgAwIBAgIDALlfMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNVBAYTAkRF -MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxLDAqBgNVBAMMI0QtVFJVU1QgUXVhbGlm -aWVkIFJvb3QgQ0EgMSAyMDA2OlBOMB4XDTA2MDQyNzEyNDA1NFoXDTExMDQyNzEy -NDA1NFowUjELMAkGA1UEBhMCREUxFTATBgNVBAoMDEQtVHJ1c3QgR21iSDEsMCoG -A1UEAwwjRC1UUlVTVCBRdWFsaWZpZWQgUm9vdCBDQSAxIDIwMDY6UE4wggEkMA0G -CSqGSIb3DQEBAQUAA4IBEQAwggEMAoIBAQCPACqp8H/KTbDBUM8BTiRzsfCJmN5G -Uxv8x3wsYLMtZ8meq04vEun2OneNeKZ2LxJy3UchUWitYP9pLPt9M8yt0pyuOXOQ -5r2RPAM46OlfStoPbZ+lCxpZbNcQGLM+/OcQU9GoCNWWkDSctwIN8T4mUf7vSzuT -jM4n5NHW7Y8bANhH7lh2fwkfIk7PxsxFw9amptlqzDqbBPz8/SdBUFt0G8t52Niw -lcYHWDV2YH4Qs1SAxOsyG0O8hpYKiKIwRHxPu5ZD3bMgDJXA3d+9zXlrLlmL0YFC -tvlPxmvqUhmMsL4vGEj/xWivULCTVOz6KcJ9edWwK9JxyO/KmGyDLwKxAgUApBVt -/aOCAeUwggHhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJr+c6YCNnohJ6M3 -fhSzwwTq2CkWMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29j -c3AuZC10cnVzdC5uZXQwFwYDVR0gBBAwDjAMBgorBgEEAaU0Ah4BMDMGA1UdEQQs -MCqBEGluZm9AZC10cnVzdC5uZXSGFmh0dHA6Ly93d3cuZC10cnVzdC5uZXQwGAYI -KwYBBQUHAQMEDDAKMAgGBgQAjkYBATAOBgNVHQ8BAf8EBAMCAQYwggEABgNVHR8E 
-gfgwgfUwgfKgge+ggeyGgaVsZGFwOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NO -PUQtVFJVU1QlMjBRdWFsaWZpZWQlMjBSb290JTIwQ0ElMjAxJTIwMjAwNiUzQVBO -LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0 -P2Jhc2U/b2JqZWN0Q2xhc3M9Y3JsRGlzdHJpYnV0aW9uUG9pbnSGQmh0dHA6Ly93 -d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfcXVhbGlmaWVkX3Jvb3RfY2FfMV8y -MDA2X3BuLmNybDANBgkqhkiG9w0BAQUFAAOCAQEABsVNHg5zVMB+A4swJ8/vW+RV -mW8KZiJb5AVytFzBeZkkF2+DXFMtursZ0sICIcRCSsNyAQcqHqzcgnDWCHASlu4o -Em3TeBsmWo8r/uGpbFVAOhjq2VOFwjjIr3TC7zmMoLE+WGBRSuZh4/5wnxQ+NNbY -8HHE52UPI6VyV7RZeE0IZfbjkejw8WpvNtRfc6NxOCxf1LYibiCUaYs+EBDD+eod -lWwpmHwPSj4GCzR9wBdbWML/GQZ6iFVOuEmApm2B11KEn4hvKtRMEp1CdHIn8Jwx -51E89XcjJOIitO0lUozimqvlUb0lEynXe1/CUOhAsiAnLvq0GbnjFN6+9GRnqg== ------END CERTIFICATE----- - -Issuer ...: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE -Serial ...: 00B960 -Subject ..: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE - aka ..: info at d-trust.net - aka ..: (uri http://www.d-trust.net) - ------BEGIN CERTIFICATE----- -MIIFBjCCA+6gAwIBAgIDALlgMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNVBAYTAkRF -MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxLDAqBgNVBAMMI0QtVFJVU1QgUXVhbGlm -aWVkIFJvb3QgQ0EgMiAyMDA2OlBOMB4XDTA2MDQyNzEyNDA1NFoXDTExMDQyNzEy -NDA1NFowUjELMAkGA1UEBhMCREUxFTATBgNVBAoMDEQtVHJ1c3QgR21iSDEsMCoG -A1UEAwwjRC1UUlVTVCBRdWFsaWZpZWQgUm9vdCBDQSAyIDIwMDY6UE4wggEkMA0G -CSqGSIb3DQEBAQUAA4IBEQAwggEMAoIBAQC9p9EZM645WSti4m3Lp/m5Cu2PCeAf -DYMsN2UQab5SAD94wc0xB68rhD0QiyXT1bhqnHKGhdsmmNwVbFLWyFWVc69+5pbx -jkEa1Z5oYbftpLZlqblas/iPG1C546c/O5JUHehrpyJziTaIqvDm0hMCarEGrd4i -hdwP7XsLNLeHFVdpVMWKUIJjUud18Wyr6MVRGs85YTme2gPki8JZMjeOteTA8dnY -unohiJM1rs8YQiYgIfQJV5oBd7OWZQLSuoh5tddYnP4KDFZUCCsC1OkBD+MnVlcv -IEfrDDuWdvFgOdS8FB5l4E3D0eYPpn536EDpWeGuCnn8joQPdiMwwGL7AgUAuaHl -M6OCAeEwggHdMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFILMyG0qJl9Aqmsa -DhPJE4d+Xp/JMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29j -c3AuZC10cnVzdC5uZXQwFwYDVR0gBBAwDjAMBgorBgEEAaU0Ah4BMDMGA1UdEQQs 
-MCqBEGluZm9AZC10cnVzdC5uZXSGFmh0dHA6Ly93d3cuZC10cnVzdC5uZXQwGAYI -KwYBBQUHAQMEDDAKMAgGBgQAjkYBATAOBgNVHQ8BAf8EBAMCAQYwgf0GA1UdHwSB -9TCB8jCB76CB7KCB6YaBpWxkYXA6Ly9kaXJlY3RvcnkuZC10cnVzdC5uZXQvQ049 -RC1UUlVTVCUyMFF1YWxpZmllZCUyMFJvb3QlMjBDQSUyMDIlMjAyMDA2JTNBUE4s -Tz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/ -YmFzZT9vYmplY3RDbGFzcz1jcmxEaXN0cmlidXRpb25Qb2ludIY/aHR0cDovL3d3 -dy5kLXRydXN0Lm5ldC9jcmwvZC10cnVzdF9xdWFsaWZpZWRfcm9vdF9jYV8yXzIw -MDYuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB/TeSQASSUVjLVpTMB+S2bEYZWL04N -5UO5sIdV5MQFxmbmQNam4odnkOx/GjHy0uuf14Pz7lztlLh4EMvEZbvoQ8wRsrrl -vMjWBUSnhTMPhohj4gUCEJDBq50qi0057Jos9DF4iLaFgiWBER+FeSHD8uEy6WGG -UrQ9fw8wRa+CRUeZldtZ25VSR++wxBuX3bkF/hRBuSk9PzT6jZojZDWKsqhPGo0W -dK4V81hS4Zri3b3gSD/3iOAJ4EO8jdyeSVomw/u1UOapVFnWhpN7H6Nwekij66eO -4WNzbeTNgJtkdOlzW2AcsWe3mS43BE286z7l/DzDs8JK36va/TRHb29p ------END CERTIFICATE----- - - -Issuer ...: /CN=S-TRUST Qualified Root CA 2006-001:PN - /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart - /ST=Baden-Wuerttemberg (BW)/C=DE -Serial ...: 00DF749F80AA51F0EDC0CB1FC183E97EE2 -Subject ..: /CN=S-TRUST Qualified Root CA 2006-001:PN - /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart - /ST=Baden-Wuerttemberg (BW)/C=DE - ------BEGIN CERTIFICATE----- -MIIETDCCAzSgAwIBAgIRAN90n4CqUfDtwMsfwYPpfuIwDQYJKoZIhvcNAQEFBQAw -gZ4xCzAJBgNVBAYTAkRFMSAwHgYDVQQIExdCYWRlbi1XdWVydHRlbWJlcmcgKEJX -KTESMBAGA1UEBxMJU3R1dHRnYXJ0MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmth -c3NlbiBWZXJsYWcgR21iSDEuMCwGA1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9v -dCBDQSAyMDA2LTAwMTpQTjAeFw0wNjAxMDEwMDAwMDBaFw0xMDEyMzAyMzU5NTla -MIGeMQswCQYDVQQGEwJERTEgMB4GA1UECBMXQmFkZW4tV3VlcnR0ZW1iZXJnIChC -VykxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1dHNjaGVyIFNwYXJr -YXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1QgUXVhbGlmaWVkIFJv -b3QgQ0EgMjAwNi0wMDE6UE4wggEkMA0GCSqGSIb3DQEBAQUAA4IBEQAwggEMAoIB -AQCCp5M7qIP3WgNNE9t4kxFLb2HdwE2pivcWfEjFh9AJcwZIaD781+OhuNxhMEil -C+B9N3bYgLMj7r/LbIFwRVmUf9E64kBDrY/wLAlXLpiicOiKE7rS1tcOAdD69s7I 
-5jaBXCz/eQo20QLsp11/btwYos9PlfptLqHjS8AUwUaMyolqmWqaxLD33ZfoQswP -FpyFFzAnRondt/5WUt244kpqgTlwP4o9J1AZamK5o/kKEXl8hDT6CulFoK51cX/J -C9lEA10mwchVfv+9cel9b2ryPXg3hPf1XFFR+l90/ZYlreaSKz5+LluI6a/ALtYl -hqJpvndXm6YZDzKKtxT3LZ1DAgUA8A8a46OBgDB+MBIGA1UdEwEB/wQIMAYBAf8C -AQEwDgYDVR0PAQH/BAQDAgEGMBgGCCsGAQUFBwEDBAwwCjAIBgYEAI5GAQEwHQYD -VR0OBBYEFKhXJN3CR/Jkirm68N+VHxcd09zBMB8GA1UdIwQYMBaAFKhXJN3CR/Jk -irm68N+VHxcd09zBMA0GCSqGSIb3DQEBBQUAA4IBAQBB8UGGU179RK9v5SglLn8m -AdBrwG5B4x0nlI3Ayj+GuP9R8ALcMEBwcFgSZTav7N8ERKa8VlCRNria7Fvf3kOu -+f67smpShBvEkrHy+ThvezBUtLfSSd1HzvaPnfwu86DMVnTIOkEcl0KLrpc/ZjEt -u81iHuiHBemf6gWdTCApiJ+CN4tARi3irvWcjhz/IIcA/ZwAaCW22Z1ysDklCIPS -9OnX9ki1f73PR+kdo4G7Dfo7TbuvV5Kzeh54sZ77A5utdvKer4ZHBmn9CGmk4VeI -BWdFlE7Fispzm+jZCduF0TcazvP/tYontx71GQnHRwLfiY4xnuzXEoSNXoaHzhzO ------END CERTIFICATE----- - -Issuer ...: /CN=S-TRUST Qualified Root CA 2007-001:PN - /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart - /ST=Baden-Wuerttemberg (BW)/C=DE -Serial ...: 00BC098E0402E92956B8D7DE74977E26F7 -Subject ..: /CN=S-TRUST Qualified Root CA 2007-001:PN - /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart - /ST=Baden-Wuerttemberg (BW)/C=DE - ------BEGIN CERTIFICATE----- -MIIESzCCAzOgAwIBAgIRALwJjgQC6SlWuNfedJd+JvcwDQYJKoZIhvcNAQELBQAw -gZ4xCzAJBgNVBAYTAkRFMSAwHgYDVQQIExdCYWRlbi1XdWVydHRlbWJlcmcgKEJX -KTESMBAGA1UEBxMJU3R1dHRnYXJ0MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmth -c3NlbiBWZXJsYWcgR21iSDEuMCwGA1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9v -dCBDQSAyMDA3LTAwMTpQTjAeFw0wNzAxMDEwMDAwMDBaFw0xMTEyMzAyMzU5NTla -MIGeMQswCQYDVQQGEwJERTEgMB4GA1UECBMXQmFkZW4tV3VlcnR0ZW1iZXJnIChC -VykxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1dHNjaGVyIFNwYXJr -YXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1QgUXVhbGlmaWVkIFJv -b3QgQ0EgMjAwNy0wMDE6UE4wggEjMA0GCSqGSIb3DQEBAQUAA4IBEAAwggELAoIB -AQCnJdNNiDQLKpPIfHTC3ifleXWTf96hLfvP58q41fuywQ+rXju453yjPgr/ej5i -RgYPyJnSc498wyu/XtPLIC3gQvowfiI8WmSj/eEToHUhrLIAtx1VXSi/Rugt3E1Y -uYGkPn/gnrkk+RtPJQuBl1NRxKEVi7rg1Ch5RJvWsUTOmxgeWlr8qZnPoLkA2y6N 
-lhL6LP3Th+OQIH4RFFfazNYWpH4Cg6I5nzyieHaR6LrGk0L7GfDKdZG4Eqan3JvI -ilrFHzzCm7qudd+31jcRamReqZqJ0wzBmY1LNAzDyCAC3Y+YWEz8crhDW3mK/wFY -H0RHHeow06RMTEVwls+FrhWfAgRAAACBo4GAMH4wEgYDVR0TAQH/BAgwBgEB/wIB -ATAOBgNVHQ8BAf8EBAMCAQYwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATAdBgNV -HQ4EFgQUPAujGBtjPCldr0A+EM4YCZSIX1cwHwYDVR0jBBgwFoAUPAujGBtjPCld -r0A+EM4YCZSIX1cwDQYJKoZIhvcNAQELBQADggEBAJ1pVXXcVb9m0yRPjvE4Rvko -tdjIm29YnY13ILCrPqjfgtpSlId6NHPhykGLkw3ratNlWQp3rmen/8EqQJa0rsPD -CiB20ilLb1CmF8/SViJ26C+K0ayzk8s2v7S/m7/Tx9Dgd2PXWwy2XjeGG/2SkISH -5CtSjbm8U+xTh5SQMgK1MX/bDiNJebDOO0N2lxAjtcGmw7K6OTWS7KnFfjzv6fKK -L7Ed2Gpd2gBkbuJVe/wX2mDP2P4rpcCEkXrDoWbi9WWc+eP5fCgE4Nj7/VhnbPf6 -DJCvmUG571uf1oukFaoeeyzpw2q28Ly1KR8DNPw+B/3PzJUIjXYzPGyUjv3aPew= ------END CERTIFICATE----- - - -Issuer ...: /CN=S-TRUST Qualified Root CA 2008-001:PN - /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE -Serial ...: 00B3963E0E6C2D65125853E970665402E5 -Subject ..: /CN=S-TRUST Qualified Root CA 2008-001:PN - /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE - ------BEGIN CERTIFICATE----- -MIIFODCCBCCgAwIBAgIRALOWPg5sLWUSWFPpcGZUAuUwDQYJKoZIhvcNAQELBQAw -fDELMAkGA1UEBhMCREUxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1 -dHNjaGVyIFNwYXJrYXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1Qg -UXVhbGlmaWVkIFJvb3QgQ0EgMjAwOC0wMDE6UE4wHhcNMDgwMTAxMDAwMDAwWhcN -MTIxMjMwMjM1OTU5WjB8MQswCQYDVQQGEwJERTESMBAGA1UEBxMJU3R1dHRnYXJ0 -MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmthc3NlbiBWZXJsYWcgR21iSDEuMCwG -A1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9vdCBDQSAyMDA4LTAwMTpQTjCCASMw -DQYJKoZIhvcNAQEBBQADggEQADCCAQsCggEBAKfUBh+i0NSWzddPtWG15DdTqbPM -SJmeWw6dXutkR6UNonxC+yAm6rfZJhb83tPGB09qlAcNn7fcdR/g4SNdu3McwT+J -HKHou6hhbMZmsza72Qcj9P/AwWq/o5oJa2eI4pU7I5YjS3x3oGtvmhJkwYiehIyx -7DI+wHKcohwJV83jlZW3YrPmKgpaOZsc5lJM/+Ha4Q77MLPWHdCnxUkrbL1+Q/Ea -qY+DoMMa9wxY+UmwbKe8ANfAf2NIMfJwmb748f+7EJMLjUA8nxrQ4iAPJ1lSrfZs -d9cjzjdXZnhLvR9T2nNa2nROOHk2ARCOPAJgxk9EheRr4B6RbJ4hinuydJUCBEAA -AIGjggGyMIIBrjASBgNVHRMBAf8ECDAGAQH/AgEBMIIBLAYDVR0fBIIBIzCCAR8w 
-ggEboIIBF6CCAROGZWh0dHA6Ly9vbnNpdGVjcmwucy10cnVzdC5kZS9EZXV0c2No -ZXJTcGFya2Fzc2VuVmVybGFnR21iSFNUUlVTVFF1YWxpZmllZFJvb3RDQTIwMDgw -MDFQTi9MYXRlc3RDUkwuY3JshoGpbGRhcDovL2RpcmVjdG9yeS5zLXRydXN0LmRl -L0NOPVMtVFJVU1QlMjBRdWFsaWZpZWQlMjBSb290JTIwQ0ElMjAyMDA4LTAwMSUz -QVBOLE89RGV1dHNjaGVyJTIwU3Bhcmthc3NlbiUyMFZlcmxhZyUyMEdtYkgsTD1T -dHV0dGdhcnQsQz1ERT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeTAO -BgNVHQ8BAf8EBAMCAQYwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATAdBgNVHQ4E -FgQU7UBDbxBuOWcii/O2xVNRExXxPj0wHwYDVR0jBBgwFoAU7UBDbxBuOWcii/O2 -xVNRExXxPj0wDQYJKoZIhvcNAQELBQADggEBAEdeesrApdpV+0cz698ZM+fsbcmk -AYTy8U1vcnEPzcxaEAvUO57ndJlSdBK7+5yFbVuFW7CTp90TPgljoDqWDOI2hsLU -YxrHUfDCwsm/ALLDpImRKWGZ07nKxOHGAOxB4tQUaDUHwaClbw3UB3nBi9++f9d0 -FLM9oOVxbhKGco4/qo3LP+QfJU6xjL8itqaf0WHXcnN69CD/5D7e/iziwHvLWLEU -0cUXVDzdyWKEvJ3RpFIk6EUulKFHZrCctis1ixg/iQybKs2DWG/RtCo6CGhtydT8 -I1y6qAwPL2gAt+ypf+Mk4SLewnpXlw6ZVDQlLEBLGto72DAyJTxRh8f6BpY= ------END CERTIFICATE----- - -Issuer ...: /CN=S-TRUST Qualified Root CA 2008-002:PN - /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE -Serial ...: 00C4216083F35C54F67B09A80C3C55FE7D -Subject ..: /CN=S-TRUST Qualified Root CA 2008-002:PN - /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE - ------BEGIN CERTIFICATE----- -MIIFODCCBCCgAwIBAgIRAMQhYIPzXFT2ewmoDDxV/n0wDQYJKoZIhvcNAQELBQAw -fDELMAkGA1UEBhMCREUxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1 -dHNjaGVyIFNwYXJrYXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1Qg -UXVhbGlmaWVkIFJvb3QgQ0EgMjAwOC0wMDI6UE4wHhcNMDgwMTAxMDAwMDAwWhcN -MTIxMjMwMjM1OTU5WjB8MQswCQYDVQQGEwJERTESMBAGA1UEBxMJU3R1dHRnYXJ0 -MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmthc3NlbiBWZXJsYWcgR21iSDEuMCwG -A1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9vdCBDQSAyMDA4LTAwMjpQTjCCASMw -DQYJKoZIhvcNAQEBBQADggEQADCCAQsCggEBAJCrKgvHaZdd5LpNAlVZVf8a3CJY -lBUt4Awwlu5q9wnkObVGHyekGLG6h7wMrY9OCL4uqWn9vIz+5vGXMEvU+NniMXIn -JodZS8CbBBYUxS42PgZp7TNCd4gglEA1xOhsQH8T9iRZzdRCLyZYjysYsHiujn/x -7y0+nxQsYu2mONaPFZq7ZBsDlAk5BPdIZCrutHDHe5inKwbpDUdpnKFlM1UDZ3eS 
-4dl+YT/3t4QSJAVHVFz/Pzf1tevpMFYP4M7jHaktp327GMtrhYlpeoSZRc1cizHU -Vdhj6Foyj1wWkQMwvb1ChPbRxS+4V3b6R+vgelULDBqFSF0Rtj/kRUgT/q8CBEAA -AIGjggGyMIIBrjASBgNVHRMBAf8ECDAGAQH/AgEBMIIBLAYDVR0fBIIBIzCCAR8w -ggEboIIBF6CCAROGZWh0dHA6Ly9vbnNpdGVjcmwucy10cnVzdC5kZS9EZXV0c2No -ZXJTcGFya2Fzc2VuVmVybGFnR21iSFNUUlVTVFF1YWxpZmllZFJvb3RDQTIwMDgw -MDJQTi9MYXRlc3RDUkwuY3JshoGpbGRhcDovL2RpcmVjdG9yeS5zLXRydXN0LmRl -L0NOPVMtVFJVU1QlMjBRdWFsaWZpZWQlMjBSb290JTIwQ0ElMjAyMDA4LTAwMiUz -QVBOLE89RGV1dHNjaGVyJTIwU3Bhcmthc3NlbiUyMFZlcmxhZyUyMEdtYkgsTD1T -dHV0dGdhcnQsQz1ERT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeTAO -BgNVHQ8BAf8EBAMCAQYwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATAdBgNVHQ4E -FgQUIQpnbAV/rAz9qSo/4q/3/TlplqwwHwYDVR0jBBgwFoAUIQpnbAV/rAz9qSo/ -4q/3/TlplqwwDQYJKoZIhvcNAQELBQADggEBAHRr6IiNPkWJYHVa8vi4tufRG9nE -Yy8t2ll8xbu4ar+LXCqbttdaQzVU/7RCX4S1aPm6wb9WFJU+/JfZHpez+gJ9uIFy -6rYJDxZ4qTxaGnIKGguZbEkpvne38/vtyjR5RuCj5AwEuP7Vy7/j5O1WZDoROMoD -rRsBHLtg90aDVou0IG+wK5+RPOixSMjfMf79uixHrsriMHrzulTEMmX+S+VfXGmO -G1RRiCiWgYaEtSIDAP0V9ehpcghfJLlmMBnxSf4n7OZvkd1whvme2rXaQxnZi2qV -d2qclY03eJ7zx6Zpq8VFuVvOxvmFZ4mMe706runhCq+rHc5x6x0/oIMhDrk= ------END CERTIFICATE----- Issuer ...: /CN=The STEED Self-Signing Nonthority Serial ...: 01 ----------------------------------------------------------------------- Summary of changes: doc/com-certs.pem | 435 ---------------------------------------------------- g10/build-packet.c | 6 +- po/de.po | 10 +- po/ja.po | 17 +- po/uk.po | 17 +- sm/fingerprint.c | 10 +- 6 files changed, 43 insertions(+), 452 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 5 15:27:15 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 05 Nov 2014 15:27:15 +0100 Subject: [git] GpgEX - branch, master, updated. gpgex-1.0.1-6-g9947021 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnupG extension for the Windows Explorer". The branch, master has been updated via 9947021737dff89896f3b4ed5186429ccef802a1 (commit) via f565264b2e68bdd84ab193ca3382d9dd23c1d801 (commit) from 0b7749092debfca4751e46e8149ff31faa707b82 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9947021737dff89896f3b4ed5186429ccef802a1 Author: Werner Koch Date: Wed Nov 5 15:27:43 2014 +0100 Post release updates. -- diff --git a/NEWS b/NEWS index d5479d5..8d48701 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes for version 1.0.3 (unreleased) +------------------------------------------------- + + Noteworthy changes for version 1.0.2 (2014-11-05) ------------------------------------------------- diff --git a/configure.ac b/configure.ac index 10f51ac..8d02a0f 100644 --- a/configure.ac +++ b/configure.ac @@ -17,7 +17,7 @@ min_automake_version="1.10" # (git tag -s gnupg-2.n.m) and run "./autogen.sh --force". Please # bump the version number immediately *after* the release and do # another commit and push so that the git magic is able to work. -m4_define([mym4_version], [1.0.2]) +m4_define([mym4_version], [1.0.3]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a commit f565264b2e68bdd84ab193ca3382d9dd23c1d801 Author: Werner Koch Date: Wed Nov 5 15:21:11 2014 +0100 Release 1.0.2 diff --git a/NEWS b/NEWS index 10a65a2..d5479d5 100644 --- a/NEWS +++ b/NEWS 
@@ -1,8 +1,10 @@ -Noteworthy changes for version 1.0.2 (unreleased) +Noteworthy changes for version 1.0.2 (2014-11-05) ------------------------------------------------- * Added Polish translation. +* Add configure option --enable-gpa-only + Noteworthy changes for version 1.0.1 (2014-07-30) ------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: NEWS | 8 +++++++- configure.ac | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) hooks/post-receive -- GnupG extension for the Windows Explorer http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 5 16:54:27 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 05 Nov 2014 16:54:27 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta895-33-gd280a52 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via d280a52757b6a9968c98500dfe5e07e519423dba (commit) via e22b459b910762f77245283746de34c67ebc72da (commit) via 24028875848f7e677e6c99581aa4e390633d571d (commit) via 6b54759976dc372e34c6d3900fab596936aae6f8 (commit) from b453226f566b92be0d339d3126eaba75237e97fb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d280a52757b6a9968c98500dfe5e07e519423dba Author: Werner Koch Date: Wed Nov 5 16:46:52 2014 +0100 Post release updates. -- diff --git a/NEWS b/NEWS index 802e26e..ae5afc7 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 2.1.1 (unreleased) +------------------------------------------------ + + Noteworthy changes in version 2.1.0 (2014-11-06) ------------------------------------------------ 
diff --git a/configure.ac b/configure.ac index 8cc06e1..9afcd3b 100644 --- a/configure.ac +++ b/configure.ac @@ -28,7 +28,7 @@ min_automake_version="1.10" m4_define([mym4_package],[gnupg]) m4_define([mym4_major], [2]) m4_define([mym4_minor], [1]) -m4_define([mym4_micro], [0]) +m4_define([mym4_micro], [1]) # To start a new development series, i.e a new major or minor number # you need to mark an arbitrary commit before the first beta release commit e22b459b910762f77245283746de34c67ebc72da Author: Werner Koch Date: Wed Nov 5 15:29:58 2014 +0100 Release 2.1.0 commit 24028875848f7e677e6c99581aa4e390633d571d Author: Werner Koch Date: Wed Nov 5 08:56:52 2014 +0100 speedo: Do not not assume GNU tar. -- Signed-off-by: Werner Koch diff --git a/autogen.sh b/autogen.sh index 112d2ee..7effd56 100755 --- a/autogen.sh +++ b/autogen.sh @@ -202,12 +202,12 @@ if [ "$myhost" = "find-version" ]; then case "$version_parts" in 2) - matchstr1="$package-$major.[0-9][0-9]*" + matchstr1="$package-$major.[0-9]*" matchstr2="$package-$major-base" vers="$major.$minor" ;; *) - matchstr1="$package-$major.$minor.[0-9][0-9]*" + matchstr1="$package-$major.$minor.[0-9]*" matchstr2="$package-$major.$minor-base" vers="$major.$minor.$micro" ;; diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk index 8e0ef4e..b7bcf06 100644 --- a/build-aux/speedo.mk +++ b/build-aux/speedo.mk @@ -421,11 +421,13 @@ speedo_pkg_gpa_configure = \ speedo_pkg_gpgex_configure = \ --with-gpg-error-prefix=$(idir) \ - --with-libassuan-prefix=$(idir) + --with-libassuan-prefix=$(idir) \ + --enable-gpa-only speedo_pkg_w64_gpgex_configure = \ --with-gpg-error-prefix=$(idir6) \ - --with-libassuan-prefix=$(idir6) + --with-libassuan-prefix=$(idir6) \ + --enable-gpa-only # 
@@ -741,15 +743,16 @@ $(stampdir)/stamp-$(1)-00-unpack: $(stampdir)/stamp-directories elif [ -n "$$$${tar}" ]; then \ echo "speedo: unpacking $(1) from $$$${tar}"; \ case "$$$${tar}" in \ - *.gz) opt=z ;; \ - *.bz2) opt=j ;; \ - *.xz) opt=J ;; \ - *) opt= ;; \ + *.gz) pretar=zcat ;; \ + *.bz2) pretar=bzcat ;; \ + *.xz) pretar=xzcat ;; \ + *) pretar=cat ;; \ esac; \ [ -f tmp.tgz ] && rm tmp.tgz; \ case "$$$${tar}" in \ - /*) tar x$$$${opt}f - < $$$${tar} ;; \ - *) wget -q -O - $$$${tar} | tee tmp.tgz | tar x$$$${opt}f - ;; \ + /*) $$$${pretar} < $$$${tar} | tar xf - ;; \ + *) wget -q -O - $$$${tar} | tee tmp.tgz \ + | $$$${pretar} | tar x$$$${opt}f - ;; \ esac; \ if [ -f tmp.tgz ]; then \ if [ -n "$$$${sha1}" ]; then \ commit 6b54759976dc372e34c6d3900fab596936aae6f8 Author: Werner Koch Date: Wed Nov 5 08:42:56 2014 +0100 build: Update README.maint. -- Also fixed some typos. diff --git a/README.maint b/README.maint index 38f2338..9af6029 100644 --- a/README.maint +++ b/README.maint @@ -23,10 +23,7 @@ Release process: * Decide whether you want to update the automake standard files (Mainly config.guess and config.sub). - * [1.4 only] Update gpg.texi and gpgv.texi from master: - make -C doc update-source-from-gnupg-2 - - * [1.4 and 2.0] Copy needed texinfo files from master: + * [2.0] Copy needed texinfo files from master: make -C doc update-source * Run: @@ -34,11 +31,9 @@ Release process: * Write NEWS entries and set the release date in NEWS. - * [1.4 and 2.0] In configure.ac set "my_isgit" to "no". - * Commit all changes to GIT with a message of "Release n.m.o." - * Tag the revision with the string "gnupg-x.y.z". + * Create a signed tag with the name "gnupg-x.y.z". * Run "./autogen.sh --force" (--force is required for the git magic in configure.ac and a good 
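Review bot: The remote-download branch still runs `tar x$$$${opt}f -`, but after this change nothing in the `case` assigns `opt`, so the command only works because the variable expands to nothing; it should read `| $$$${pretar} | tar xf - ;; \` like the local-file branch. The same pipeline unpacks the archive while `tee` is still writing tmp.tgz, so unverified content reaches the build tree before the `sha1` test that begins at the end of the hunk has run. Fetching to tmp.tgz, comparing the digest, and extracting only on a match would close that window. The recipe continues past the hunk, so what happens on a digest mismatch is not visible here.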
@@ -64,11 +59,12 @@ Release process: * Copy the files to the FTP server - * Update the webpages - at least the file swdb.wml needs an update. + * Update the webpages - at least the file swdb.mac needs an update. * Add a new headline to NEWS. - * Bump "my_version" up and set "my_isgit" back to "yes" in configure.ac + * Bump the version number in configure.ac up, add an empty NEWS + entry, commit, and push that. * Write an announcement. diff --git a/doc/whats-new-in-2.1.txt b/doc/whats-new-in-2.1.txt index 10d3f60..d20239f 100644 --- a/doc/whats-new-in-2.1.txt +++ b/doc/whats-new-in-2.1.txt @@ -103,7 +103,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html `secring.gpg'. The only difference is that secring stored in addition to the public part also the private part of the key pair. The secret keyring thus contained only the keys for which a private key is - availaable, that is the user?s key. It required a lot of code to keep + available, that is the user?s key. It required a lot of code to keep both versions of the key in sync and led to sometimes surprising inconsistencies. @@ -198,8 +198,8 @@ https://gnupg.org/faq/whats-new-in-2.1.html Thus only the name and the mail address are required. For all other parameters the default values are used. Many graphical frontends - works in the same way. Note that GPG prints a hint for the old time - GPG users on how to get the full option menu. + works in the same way. Note that /gpg/ prints a hint for the old time + gpg users on how to get the full option menu. 1.4 Support for ECC @@ -381,7 +381,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html ? sub rsa2048/72A4D018 2014-11-04 ????? - Another common operation is to sign a key. gpg can do this directly + Another common operation is to sign a key. /gpg/ can do this directly from the command line by giving the fingerprint of the to-be-signed key: 
@@ -478,7 +478,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html A deficit of the OpenPGP protocol is that signatures carry only a limited indication on which public has been used to create a signature. Thus a verification engine may only use this ?long key id? - to lookup the the key in its own store or from a public keyserver. + to look up the the key in its own store or from a public keyserver. Unfortunately it has now become possible to create a key with a long key id matching the key id of another key. Importing a key with a long key id already used by another key in gpg?s local key store was @@ -522,7 +522,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html server from the pool. The new /dirmngr/ in GnuPG does not use the implicit round-robin of - the DNS resolver but uses its own DNS lookup and keeps an internal + the DNS resolver but uses its own DNS look up and keeps an internal table of all hosts from the pool along with the encountered aliveness state. Thus after a failure (timeout) of a request, /dirmngr/ flags a host as dead and randomly selects another one from the pool. After a @@ -544,10 +544,10 @@ https://gnupg.org/faq/whats-new-in-2.1.html ?????????????????????????? The format GnuPG has always used for the public keyring is actually a - slighly extended version of the on-the-wire format for OpenPGP key + slightly extended version of the on-the-wire format for OpenPGP key exchange. This format is quite inflexible to work with when random access to keys in the keyring is required. In fact /gpg/ always - parsed all keys in the kering until it encountred the desired one. + parsed all keys in the keyring until it encountered the desired one. With a large keyring (more than a few thousand keys) this could be quite slow. 
@@ -570,9 +570,9 @@ https://gnupg.org/faq/whats-new-in-2.1.html `pubring.gpg' file and not know anything about keys stored in the keybox file. - To convert an existsing `pubring.gpg' file to the keybox format, you + To convert an existing `pubring.gpg' file to the keybox format, you first rename the file to (for example) `publickeys' so it won?t be - recognized by any GnupG version and then you run the command + recognized by any GnuPG version and then you run the command ????? ? $ gpg2 --import publickeys @@ -597,12 +597,12 @@ https://gnupg.org/faq/whats-new-in-2.1.html ?????????????????????????? The /scdaemon/, which is responsible for accessing smardcards and - other tokens, has received may updates. In particilar pluggable USB - readers with a fixed card now work smoothless and simlar to standard + other tokens, has received may updates. In particular plugable USB + readers with a fixed card now work smoothless and similar to standard readers. The latest features of the /gnuk/ token are supported. Code for the HSM smartcard has been added. More card readers with a PIN pad are supported. The internal CCID driver does now also work with - certain non-auto configration equipped readers. + certain non-auto configuration equipped readers. 1.14 New format for key listings 
@@ -692,8 +692,8 @@ https://gnupg.org/faq/whats-new-in-2.1.html This command downloads all direct dependencies, checks the signatures using the GnuPG version from the build system (all Linux distros - feature a suitable GnuPG tool), builds everthing from source, and uses - NSIS to create the installer. Although this sounds easy, some + feature a suitable GnuPG tool), builds everything from source, and + uses NSIS to create the installer. Although this sounds easy, some experience in setting up a development machine is still required. Some versions of the toolchain exhibit bugs and thus your mileage may vary. Support for keyserver access over TLS is currently not ----------------------------------------------------------------------- Summary of changes: NEWS | 4 ++++ README.maint | 14 +++++--------- autogen.sh | 4 ++-- build-aux/speedo.mk | 19 +++++++++++-------- configure.ac | 2 +- doc/whats-new-in-2.1.txt | 30 +++++++++++++++--------------- 6 files changed, 38 insertions(+), 35 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 5 17:13:44 2014 
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Wed, 05 Nov 2014 17:13:44 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-125-g95eef21 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 95eef21583d8e998efc48f22898c1ae31b77cb48 (commit) via 0b520128551054d83fb0bb2db8873394f38de498 (commit) via c584f44543883346d5a565581ff99a0afce9c5e1 (commit) from 669a83ba86c38b271d85ed4bf1cabc7cc8160583 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 95eef21583d8e998efc48f22898c1ae31b77cb48 Author: Jussi Kivilinna Date: Sun Nov 2 17:45:35 2014 +0200 Disable NEON for CPUs that are known to have broken NEON implementation * src/hwf-arm.c (detect_arm_proc_cpuinfo): Add parsing for CPU version information and check if CPU is known to have broken NEON implementation. (_gcry_hwf_detect_arm): Filter out broken HW features. -- Signed-off-by: Jussi Kivilinna diff --git a/src/hwf-arm.c b/src/hwf-arm.c index dbbb607..3dc050e 100644 --- a/src/hwf-arm.c +++ b/src/hwf-arm.c 
@@ -98,17 +98,32 @@ detect_arm_at_hwcap(void) #define HAS_PROC_CPUINFO 1 static unsigned int -detect_arm_proc_cpuinfo(void) +detect_arm_proc_cpuinfo(unsigned int *broken_hwfs) { char buf[1024]; /* large enough */ char *str_features, *str_neon; + int cpu_implementer, cpu_arch, cpu_variant, cpu_part, cpu_revision; FILE *f; int readlen, i; static int cpuinfo_initialized = 0; static unsigned int stored_cpuinfo_features; + static unsigned int stored_broken_hwfs; + struct { + const char *name; + int *value; + } cpu_entries[5] = { + { "CPU implementer", &cpu_implementer }, + { "CPU architecture", &cpu_arch }, + { "CPU variant", &cpu_variant }, + { "CPU part", &cpu_part }, + { "CPU revision", &cpu_revision }, + }; if (cpuinfo_initialized) - return stored_cpuinfo_features; + { + *broken_hwfs |= stored_broken_hwfs; + return stored_cpuinfo_features; + } f = fopen("/proc/cpuinfo", "r"); if (!f) @@ -124,12 +139,32 @@ detect_arm_proc_cpuinfo(void) cpuinfo_initialized = 1; stored_cpuinfo_features = 0; + stored_broken_hwfs = 0; /* Find features line. */ str_features = strstr(buf, "Features"); if (!str_features) return stored_cpuinfo_features; + /* Find CPU version information. */ + for (i = 0; i < DIM(cpu_entries); i++) + { + char *str; + + *cpu_entries[i].value = -1; + + str = strstr(buf, cpu_entries[i].name); + if (!str) + continue; + + str = strstr(str, ": "); + if (!str) + continue; + + str += 2; + *cpu_entries[i].value = strtoul(str, NULL, 0); + } + /* Lines to strings. */ for (i = 0; i < sizeof(buf); i++) if (buf[i] == '\n') 
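Review bot: `detect_arm_proc_cpuinfo` gains an out-parameter whose contract is not written down: the cached-result path in the `@@ -98,17 +98,32 @@` hunk (and the final return in the `@@ -140,6 +175,19 @@` hunk) ORs into `*broken_hwfs` rather than assigning it, so the caller has to zero it first. A comment above the function would make that explicit, for example `/* Returns the HWF_ARM_* bits found in /proc/cpuinfo and ORs into *BROKEN_HWFS the bits the caller must mask out; the caller initializes *BROKEN_HWFS. */`. The explicit size in `cpu_entries[5]` can also be dropped (`cpu_entries[]`), since the loop added further down already iterates with `DIM(cpu_entries)`. The function body continues outside the hunk.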
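Review bot: In the `@@ -124,12 +139,32 @@` hunk, `*cpu_entries[i].value = strtoul(str, NULL, 0);` never checks that a conversion took place, so a field with no digits overwrites the -1 "not found" sentinel with 0, which is a value the later revision comparison accepts. Passing an end pointer keeps the sentinel intact: `char *end; unsigned long v = strtoul(str, &end, 0);` followed by `if (end != str) *cpu_entries[i].value = (int)v;`. The searches also run over the whole of `buf`, because the newline-to-NUL pass comes after this loop; `strstr(str, ": ")` can therefore match on a later line, and only the first occurrence of each name is examined, which presumably means the first processor listed. The enclosing function starts and ends outside the hunk.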
@@ -140,6 +175,19 @@ detect_arm_proc_cpuinfo(void) if (str_neon && (str_neon[5] == ' ' || str_neon[5] == '\0')) stored_cpuinfo_features |= HWF_ARM_NEON; + /* Check for CPUs with broken NEON implementation. See + * https://code.google.com/p/chromium/issues/detail?id=341598 + */ + if (cpu_implementer == 0x51 + && cpu_arch == 7 + && cpu_variant == 1 + && cpu_part == 0x4d + && cpu_revision == 0) + { + stored_broken_hwfs = HWF_ARM_NEON; + } + + *broken_hwfs |= stored_broken_hwfs; return stored_cpuinfo_features; } 
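Review bot: The broken-NEON test compares against five bare literals, so a reader has to follow the Chromium link to learn which processor they describe and which value belongs to which cpuinfo field. Naming the codes, for instance `enum { BROKEN_NEON_IMPLEMENTER = 0x51, BROKEN_NEON_PART = 0x4d };`, and stating the affected model in the comment would make the check easier to audit and to extend when a second affected part is reported. The function body starts outside the hunk.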
@@ -149,18 +197,21 @@ unsigned int _gcry_hwf_detect_arm (void) { unsigned int ret = 0; + unsigned int broken_hwfs = 0; #if defined (HAS_SYS_AT_HWCAP) ret |= detect_arm_at_hwcap (); #endif #if defined (HAS_PROC_CPUINFO) - ret |= detect_arm_proc_cpuinfo (); + ret |= detect_arm_proc_cpuinfo (&broken_hwfs); #endif #if defined(__ARM_NEON__) && defined(ENABLE_NEON_SUPPORT) ret |= HWF_ARM_NEON; #endif + ret &= ~broken_hwfs; + return ret; } commit 0b520128551054d83fb0bb2db8873394f38de498 Author: Jussi Kivilinna Date: Sun Nov 2 16:01:11 2014 +0200 Add ARM/NEON implementation of Poly1305 * cipher/Makefile.am: Add 'poly1305-armv7-neon.S'. * cipher/poly1305-armv7-neon.S: New. * cipher/poly1305-internal.h (POLY1305_USE_NEON) (POLY1305_NEON_BLOCKSIZE, POLY1305_NEON_STATESIZE) (POLY1305_NEON_ALIGNMENT): New. * cipher/poly1305.c [POLY1305_USE_NEON] (_gcry_poly1305_armv7_neon_init_ext) (_gcry_poly1305_armv7_neon_finish_ext) (_gcry_poly1305_armv7_neon_blocks, poly1305_armv7_neon_ops): New. (_gcry_poly1305_init) [POLY1305_USE_NEON]: Select NEON implementation if HWF_ARM_NEON set. * configure.ac [neonsupport=yes]: Add 'poly1305-armv7-neon.lo'. -- Add Andrew Moon's public domain NEON implementation of Poly1305. Original source is available at: https://github.com/floodyberry/poly1305-opt Benchmark on Cortex-A8 (--cpu-mhz 1008): Old: | nanosecs/byte mebibytes/sec cycles/byte POLY1305 | 12.34 ns/B 77.27 MiB/s 12.44 c/B New: | nanosecs/byte mebibytes/sec cycles/byte POLY1305 | 2.12 ns/B 450.7 MiB/s 2.13 c/B Signed-off-by: Jussi Kivilinna diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 09ccaf9..22018b3 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -73,7 +73,7 @@ gost28147.c gost.h \ gostr3411-94.c \ md4.c \ md5.c \ -poly1305-sse2-amd64.S poly1305-avx2-amd64.S \ +poly1305-sse2-amd64.S poly1305-avx2-amd64.S poly1305-armv7-neon.S \ rijndael.c rijndael-tables.h rijndael-amd64.S rijndael-arm.S \ rmd160.c \ rsa.c \ 
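Review bot: `broken_hwfs` is filled only by `detect_arm_proc_cpuinfo`, so the new `ret &= ~broken_hwfs;` masks nothing when HAS_PROC_CPUINFO is undefined or when /proc/cpuinfo cannot be opened (the `if (!f)` branch is in the earlier hunk and its body is not shown). In those cases HWF_ARM_NEON can still be set by `detect_arm_at_hwcap ()` or by the `__ARM_NEON__` compile-time branch, so an affected CPU in a chroot or container without /proc would presumably keep using NEON. Because this flag selects the cipher and MAC code paths, the limitation should at least be recorded next to the mask: `/* The broken-NEON list depends on /proc/cpuinfo; without it an affected CPU is not detected. */`.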
diff --git a/cipher/poly1305-armv7-neon.S b/cipher/poly1305-armv7-neon.S
new file mode 100644
index 0000000..1134e85
--- /dev/null
+++ b/cipher/poly1305-armv7-neon.S
@@ -0,0 +1,705 @@ +/* poly1305-armv7-neon.S - ARMv7/NEON implementation of Poly1305 + * + * Copyright (C) 2014 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +/* + * Based on public domain implementation by Andrew Moon at + * https://github.com/floodyberry/poly1305-opt + */ + +#include + +#if defined(HAVE_ARM_ARCH_V6) && defined(__ARMEL__) && \ + defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS) && \ + defined(HAVE_GCC_INLINE_ASM_NEON) + +.syntax unified +.fpu neon +.arm + +.text + +.p2align 2 +.Lpoly1305_init_constants_neon: +.long 0x3ffff03 +.long 0x3ffc0ff +.long 0x3f03fff +.long 0x00fffff + +.globl _gcry_poly1305_armv7_neon_init_ext +.type _gcry_poly1305_armv7_neon_init_ext,%function; +_gcry_poly1305_armv7_neon_init_ext: +.Lpoly1305_init_ext_neon_local: + stmfd sp!, {r4-r11, lr} + sub sp, sp, #32 + mov r14, r2 + and r2, r2, r2 + moveq r14, #-1 + ldmia r1!, {r2-r5} + ldr r7, =.Lpoly1305_init_constants_neon + mov r6, r2 + mov r8, r2, lsr #26 + mov r9, r3, lsr #20 + mov r10, r4, lsr #14 + mov r11, r5, lsr #8 + orr r8, r8, r3, lsl #6 + orr r9, r9, r4, lsl #12 + orr r10, r10, r5, lsl #18 + ldmia r7, {r2-r5} + and r2, r2, r8 + and r3, r3, r9 + and r4, r4, r10 + and r5, r5, r11 + and r6, r6, 0x3ffffff + stmia r0!, {r2-r6} + eor r8, r8, r8 + str r8, [sp, #24] +.Lpoly1305_init_ext_neon_squareloop: + ldr r8, [sp, #24] + mov 
r12, #16 + cmp r8, #2 + beq .Lpoly1305_init_ext_neon_donesquaring + cmp r8, #1 + moveq r12, #64 + cmp r14, r12 + bls .Lpoly1305_init_ext_neon_donesquaring + add r8, #1 + str r8, [sp, #24] + mov r6, r6, lsl #1 + mov r2, r2, lsl #1 + umull r7, r8, r3, r3 + umull r9, r10, r6, r4 + umlal r7, r8, r6, r5 + umlal r9, r10, r2, r3 + add r11, r5, r5, lsl #2 + umlal r7, r8, r2, r4 + umlal r9, r10, r5, r11 + str r7, [sp, #16] + str r8, [sp, #20] + mov r2, r2, lsr #1 + mov r5, r5, lsl #1 + str r9, [sp, #8] + str r10, [sp, #12] + umull r7, r8, r2, r2 + umull r9, r10, r6, r2 + add r11, r3, r3, lsl #2 + add r12, r4, r4, lsl #2 + umlal r7, r8, r6, r3 + umlal r9, r10, r5, r11 + umlal r7, r8, r5, r12 + umlal r9, r10, r4, r12 + mov r6, r6, lsr #1 + mov r3, r3, lsl #1 + add r11, r2, r2, lsl #2 + str r7, [sp, #0] + str r8, [sp, #4] + umull r7, r8, r6, r6 + umlal r7, r8, r3, r12 + umlal r7, r8, r5, r11 + and r6, r7, 0x3ffffff + mov r11, r7, lsr #26 + orr r11, r11, r8, lsl #6 + ldr r7, [sp, #0] + ldr r8, [sp, #4] + adds r9, r9, r11 + adc r10, r10, #0 + and r2, r9, 0x3ffffff + mov r11, r9, lsr #26 + orr r11, r11, r10, lsl #6 + ldr r9, [sp, #8] + ldr r10, [sp, #12] + adds r7, r7, r11 + adc r8, r8, #0 + and r3, r7, 0x3ffffff + mov r11, r7, lsr #26 + orr r11, r11, r8, lsl #6 + ldr r7, [sp, #16] + ldr r8, [sp, #20] + adds r9, r9, r11 + adc r10, r10, #0 + and r4, r9, 0x3ffffff + mov r11, r9, lsr #26 + orr r11, r11, r10, lsl #6 + adds r7, r7, r11 + adc r8, r8, #0 + and r5, r7, 0x3ffffff + mov r11, r7, lsr #26 + orr r11, r11, r8, lsl #6 + add r11, r11, r11, lsl #2 + add r6, r6, r11 + mov r11, r6, lsr #26 + and r6, r6, 0x3ffffff + add r2, r2, r11 + stmia r0!, {r2-r6} + b .Lpoly1305_init_ext_neon_squareloop +.Lpoly1305_init_ext_neon_donesquaring: + mov r2, #2 + ldr r14, [sp, #24] + sub r14, r2, r14 + mov r3, r14, lsl #4 + add r3, r3, r14, lsl #2 + add r0, r0, r3 + eor r2, r2, r2 + eor r3, r3, r3 + eor r4, r4, r4 + eor r5, r5, r5 + eor r6, r6, r6 + stmia r0!, {r2-r6} + stmia r0!, {r2-r6} + ldmia 
r1!, {r2-r5} + stmia r0, {r2-r6} + add sp, sp, #32 + ldmfd sp!, {r4-r11, lr} + mov r0, #(9*4+32) + bx lr +.ltorg +.size _gcry_poly1305_armv7_neon_init_ext,.-_gcry_poly1305_armv7_neon_init_ext; + +.globl _gcry_poly1305_armv7_neon_blocks +.type _gcry_poly1305_armv7_neon_blocks,%function; +_gcry_poly1305_armv7_neon_blocks: +.Lpoly1305_blocks_neon_local: + vmov.i32 q0, #0xffffffff + vmov.i32 d4, #1 + vsubw.u32 q0, q0, d4 + vstmdb sp!, {q4,q5,q6,q7} + stmfd sp!, {r4-r11, lr} + mov r8, sp + and sp, sp, #~63 + sub sp, sp, #192 + str r0, [sp, #108] + str r1, [sp, #112] + str r2, [sp, #116] + str r8, [sp, #120] + mov r3, r0 + mov r0, r1 + mov r1, r2 + mov r2, r3 + ldr r8, [r2, #116] + veor d15, d15, d15 + vorr.i32 d15, #(1 << 24) + tst r8, #2 + beq .Lpoly1305_blocks_neon_skip_shift8 + vshr.u64 d15, #32 +.Lpoly1305_blocks_neon_skip_shift8: + tst r8, #4 + beq .Lpoly1305_blocks_neon_skip_shift16 + veor d15, d15, d15 +.Lpoly1305_blocks_neon_skip_shift16: + vst1.64 d15, [sp, :64] + tst r8, #1 + bne .Lpoly1305_blocks_neon_started + vld1.64 {q0-q1}, [r0]! + vswp d1, d2 + vmovn.i64 d21, q0 + vshrn.i64 d22, q0, #26 + vshrn.u64 d24, q1, #14 + vext.8 d0, d0, d2, #4 + vext.8 d1, d1, d3, #4 + vshr.u64 q1, q1, #32 + vshrn.i64 d23, q0, #20 + vshrn.u64 d25, q1, #8 + vand.i32 d21, #0x03ffffff + vand.i32 q11, #0x03ffffff + vand.i32 q12, #0x03ffffff + orr r8, r8, #1 + sub r1, r1, #32 + str r8, [r2, #116] + vorr d25, d25, d15 + b .Lpoly1305_blocks_neon_setupr20 +.Lpoly1305_blocks_neon_started: + add r9, r2, #60 + vldm r9, {d21-d25} +.Lpoly1305_blocks_neon_setupr20: + vmov.i32 d0, #5 + tst r8, #(8|16) + beq .Lpoly1305_blocks_neon_setupr20_simple + tst r8, #(8) + beq .Lpoly1305_blocks_neon_setupr20_r_1 + mov r9, r2 + add r10, r2, #20 + vld1.64 {q9}, [r9]! + vld1.64 {q8}, [r10]! + vld1.64 {d2}, [r9] + vld1.64 {d20}, [r10] + b .Lpoly1305_blocks_neon_setupr20_hard +.Lpoly1305_blocks_neon_setupr20_r_1: + mov r9, r2 + vmov.i32 d2, #1 + vld1.64 {q8}, [r9]! 
+ veor q9, q9, q9 + vshr.u64 d2, d2, #32 + vld1.64 {d20}, [r9] +.Lpoly1305_blocks_neon_setupr20_hard: + vzip.i32 q8, q9 + vzip.i32 d20, d2 + b .Lpoly1305_blocks_neon_setups20 +.Lpoly1305_blocks_neon_setupr20_simple: + add r9, r2, #20 + vld1.64 {d2-d4}, [r9] + vdup.32 d16, d2[0] + vdup.32 d17, d2[1] + vdup.32 d18, d3[0] + vdup.32 d19, d3[1] + vdup.32 d20, d4[0] +.Lpoly1305_blocks_neon_setups20: + vmul.i32 q13, q8, d0[0] + vmov.i64 q15, 0x00000000ffffffff + vmul.i32 q14, q9, d0[0] + vshr.u64 q15, q15, #6 + cmp r1, #64 + blo .Lpoly1305_blocks_neon_try32 + add r9, sp, #16 + add r10, r2, #40 + add r11, sp, #64 + str r1, [sp, #116] + vld1.64 {d10-d12}, [r10] + vmov d14, d12 + vmul.i32 q6, q5, d0[0] +.Lpoly1305_blocks_neon_mainloop: + ldmia r0!, {r2-r5} + vmull.u32 q0, d25, d12[0] + mov r7, r2, lsr #26 + vmlal.u32 q0, d24, d12[1] + mov r8, r3, lsr #20 + ldr r6, [sp, #0] + vmlal.u32 q0, d23, d13[0] + mov r9, r4, lsr #14 + vmlal.u32 q0, d22, d13[1] + orr r6, r6, r5, lsr #8 + vmlal.u32 q0, d21, d14[0] + orr r3, r7, r3, lsl #6 + vmull.u32 q1, d25, d12[1] + orr r4, r8, r4, lsl #12 + orr r5, r9, r5, lsl #18 + vmlal.u32 q1, d24, d13[0] + ldmia r0!, {r7-r10} + vmlal.u32 q1, d23, d13[1] + mov r1, r7, lsr #26 + vmlal.u32 q1, d22, d14[0] + ldr r11, [sp, #4] + mov r12, r8, lsr #20 + vmlal.u32 q1, d21, d10[0] + mov r14, r9, lsr #14 + vmull.u32 q2, d25, d13[0] + orr r11, r11, r10, lsr #8 + orr r8, r1, r8, lsl #6 + vmlal.u32 q2, d24, d13[1] + orr r9, r12, r9, lsl #12 + vmlal.u32 q2, d23, d14[0] + orr r10, r14, r10, lsl #18 + vmlal.u32 q2, d22, d10[0] + mov r12, r3 + and r2, r2, #0x3ffffff + vmlal.u32 q2, d21, d10[1] + mov r14, r5 + vmull.u32 q3, d25, d13[1] + and r3, r7, #0x3ffffff + vmlal.u32 q3, d24, d14[0] + and r5, r8, #0x3ffffff + vmlal.u32 q3, d23, d10[0] + and r7, r9, #0x3ffffff + vmlal.u32 q3, d22, d10[1] + and r8, r14, #0x3ffffff + vmlal.u32 q3, d21, d11[0] + and r9, r10, #0x3ffffff + add r14, sp, #128 + vmull.u32 q4, d25, d14[0] + mov r10, r6 + vmlal.u32 q4, d24, d10[0] + and 
r6, r4, #0x3ffffff + vmlal.u32 q4, d23, d10[1] + and r4, r12, #0x3ffffff + vmlal.u32 q4, d22, d11[0] + stm r14, {r2-r11} + vmlal.u32 q4, d21, d11[1] + vld1.64 {d21-d24}, [r14, :256]! + vld1.64 {d25}, [r14, :64] + ldmia r0!, {r2-r5} + vmlal.u32 q0, d25, d26 + mov r7, r2, lsr #26 + vmlal.u32 q0, d24, d27 + ldr r6, [sp, #0] + mov r8, r3, lsr #20 + vmlal.u32 q0, d23, d28 + mov r9, r4, lsr #14 + vmlal.u32 q0, d22, d29 + orr r6, r6, r5, lsr #8 + vmlal.u32 q0, d21, d20 + orr r3, r7, r3, lsl #6 + vmlal.u32 q1, d25, d27 + orr r4, r8, r4, lsl #12 + orr r5, r9, r5, lsl #18 + vmlal.u32 q1, d24, d28 + ldmia r0!, {r7-r10} + vmlal.u32 q1, d23, d29 + mov r1, r7, lsr #26 + vmlal.u32 q1, d22, d20 + ldr r11, [sp, #4] + mov r12, r8, lsr #20 + vmlal.u32 q1, d21, d16 + mov r14, r9, lsr #14 + vmlal.u32 q2, d25, d28 + orr r11, r11, r10, lsr #8 + orr r8, r1, r8, lsl #6 + orr r9, r12, r9, lsl #12 + vmlal.u32 q2, d24, d29 + orr r10, r14, r10, lsl #18 + and r2, r2, #0x3ffffff + mov r12, r3 + vmlal.u32 q2, d23, d20 + mov r14, r5 + vmlal.u32 q2, d22, d16 + and r3, r7, #0x3ffffff + vmlal.u32 q2, d21, d17 + and r5, r8, #0x3ffffff + vmlal.u32 q3, d25, d29 + and r7, r9, #0x3ffffff + vmlal.u32 q3, d24, d20 + and r8, r14, #0x3ffffff + vmlal.u32 q3, d23, d16 + and r9, r10, #0x3ffffff + vmlal.u32 q3, d22, d17 + add r14, sp, #128 + vmlal.u32 q3, d21, d18 + mov r10, r6 + vmlal.u32 q4, d25, d20 + vmlal.u32 q4, d24, d16 + and r6, r4, #0x3ffffff + vmlal.u32 q4, d23, d17 + and r4, r12, #0x3ffffff + vmlal.u32 q4, d22, d18 + stm r14, {r2-r11} + vmlal.u32 q4, d21, d19 + vld1.64 {d21-d24}, [r14, :256]! 
+ vld1.64 {d25}, [r14, :64] + vaddw.u32 q0, q0, d21 + vaddw.u32 q1, q1, d22 + vaddw.u32 q2, q2, d23 + vaddw.u32 q3, q3, d24 + vaddw.u32 q4, q4, d25 + vshr.u64 q11, q0, #26 + vand q0, q0, q15 + vadd.i64 q1, q1, q11 + vshr.u64 q12, q3, #26 + vand q3, q3, q15 + vadd.i64 q4, q4, q12 + vshr.u64 q11, q1, #26 + vand q1, q1, q15 + vadd.i64 q2, q2, q11 + vshr.u64 q12, q4, #26 + vand q4, q4, q15 + vadd.i64 q0, q0, q12 + vshl.i64 q12, q12, #2 + ldr r1, [sp, #116] + vadd.i64 q0, q0, q12 + vshr.u64 q11, q2, #26 + vand q2, q2, q15 + vadd.i64 q3, q3, q11 + sub r1, #64 + vshr.u64 q12, q0, #26 + vand q0, q0, q15 + vadd.i64 q1, q1, q12 + cmp r1, #64 + vshr.u64 q11, q3, #26 + vand q3, q3, q15 + vadd.i64 q4, q4, q11 + vmovn.i64 d21, q0 + str r1, [sp, #116] + vmovn.i64 d22, q1 + vmovn.i64 d23, q2 + vmovn.i64 d24, q3 + vmovn.i64 d25, q4 + bhs .Lpoly1305_blocks_neon_mainloop +.Lpoly1305_blocks_neon_try32: + cmp r1, #32 + blo .Lpoly1305_blocks_neon_done + tst r0, r0 + bne .Lpoly1305_blocks_loadm32 + veor q0, q0, q0 + veor q1, q1, q1 + veor q2, q2, q2 + veor q3, q3, q3 + veor q4, q4, q4 + b .Lpoly1305_blocks_continue32 +.Lpoly1305_blocks_loadm32: + vld1.64 {q0-q1}, [r0]! 
+ veor q4, q4, q4 + vswp d1, d2 + veor q3, q3, q3 + vtrn.32 q0, q4 + vtrn.32 q1, q3 + vshl.i64 q2, q1, #12 + vshl.i64 q3, q3, #18 + vshl.i64 q1, q4, #6 + vmovl.u32 q4, d15 +.Lpoly1305_blocks_continue32: + vmlal.u32 q0, d25, d26 + vmlal.u32 q0, d24, d27 + vmlal.u32 q0, d23, d28 + vmlal.u32 q0, d22, d29 + vmlal.u32 q0, d21, d20 + vmlal.u32 q1, d25, d27 + vmlal.u32 q1, d24, d28 + vmlal.u32 q1, d23, d29 + vmlal.u32 q1, d22, d20 + vmlal.u32 q1, d21, d16 + vmlal.u32 q2, d25, d28 + vmlal.u32 q2, d24, d29 + vmlal.u32 q2, d23, d20 + vmlal.u32 q2, d22, d16 + vmlal.u32 q2, d21, d17 + vmlal.u32 q3, d25, d29 + vmlal.u32 q3, d24, d20 + vmlal.u32 q3, d23, d16 + vmlal.u32 q3, d22, d17 + vmlal.u32 q3, d21, d18 + vmlal.u32 q4, d25, d20 + vmlal.u32 q4, d24, d16 + vmlal.u32 q4, d23, d17 + vmlal.u32 q4, d22, d18 + vmlal.u32 q4, d21, d19 + vshr.u64 q11, q0, #26 + vand q0, q0, q15 + vadd.i64 q1, q1, q11 + vshr.u64 q12, q3, #26 + vand q3, q3, q15 + vadd.i64 q4, q4, q12 + vshr.u64 q11, q1, #26 + vand q1, q1, q15 + vadd.i64 q2, q2, q11 + vshr.u64 q12, q4, #26 + vand q4, q4, q15 + vadd.i64 q0, q0, q12 + vshl.i64 q12, q12, #2 + vadd.i64 q0, q0, q12 + vshr.u64 q11, q2, #26 + vand q2, q2, q15 + vadd.i64 q3, q3, q11 + vshr.u64 q12, q0, #26 + vand q0, q0, q15 + vadd.i64 q1, q1, q12 + vshr.u64 q11, q3, #26 + vand q3, q3, q15 + vadd.i64 q4, q4, q11 + vmovn.i64 d21, q0 + vmovn.i64 d22, q1 + vmovn.i64 d23, q2 + vmovn.i64 d24, q3 + vmovn.i64 d25, q4 +.Lpoly1305_blocks_neon_done: + tst r0, r0 + beq .Lpoly1305_blocks_neon_final + ldr r2, [sp, #108] + add r2, r2, #60 + vst1.64 {d21}, [r2]! 
+ vst1.64 {d22-d25}, [r2] + b .Lpoly1305_blocks_neon_leave +.Lpoly1305_blocks_neon_final: + vadd.u32 d10, d0, d1 + vadd.u32 d13, d2, d3 + vadd.u32 d11, d4, d5 + ldr r5, [sp, #108] + vadd.u32 d14, d6, d7 + vadd.u32 d12, d8, d9 + vtrn.32 d10, d13 + vtrn.32 d11, d14 + vst1.64 {d10-d12}, [sp] + ldm sp, {r0-r4} + mov r12, r0, lsr #26 + and r0, r0, #0x3ffffff + add r1, r1, r12 + mov r12, r1, lsr #26 + and r1, r1, #0x3ffffff + add r2, r2, r12 + mov r12, r2, lsr #26 + and r2, r2, #0x3ffffff + add r3, r3, r12 + mov r12, r3, lsr #26 + and r3, r3, #0x3ffffff + add r4, r4, r12 + mov r12, r4, lsr #26 + and r4, r4, #0x3ffffff + add r12, r12, r12, lsl #2 + add r0, r0, r12 + mov r12, r0, lsr #26 + and r0, r0, #0x3ffffff + add r1, r1, r12 + mov r12, r1, lsr #26 + and r1, r1, #0x3ffffff + add r2, r2, r12 + mov r12, r2, lsr #26 + and r2, r2, #0x3ffffff + add r3, r3, r12 + mov r12, r3, lsr #26 + and r3, r3, #0x3ffffff + add r4, r4, r12 + mov r12, r4, lsr #26 + and r4, r4, #0x3ffffff + add r12, r12, r12, lsl #2 + add r0, r0, r12 + mov r12, r0, lsr #26 + and r0, r0, #0x3ffffff + add r1, r1, r12 + add r6, r0, #5 + mov r12, r6, lsr #26 + and r6, r6, #0x3ffffff + add r7, r1, r12 + mov r12, r7, lsr #26 + and r7, r7, #0x3ffffff + add r10, r2, r12 + mov r12, r10, lsr #26 + and r10, r10, #0x3ffffff + add r11, r3, r12 + mov r12, #-(1 << 26) + add r12, r12, r11, lsr #26 + and r11, r11, #0x3ffffff + add r14, r4, r12 + mov r12, r14, lsr #31 + sub r12, #1 + and r6, r6, r12 + and r7, r7, r12 + and r10, r10, r12 + and r11, r11, r12 + and r14, r14, r12 + mvn r12, r12 + and r0, r0, r12 + and r1, r1, r12 + and r2, r2, r12 + and r3, r3, r12 + and r4, r4, r12 + orr r0, r0, r6 + orr r1, r1, r7 + orr r2, r2, r10 + orr r3, r3, r11 + orr r4, r4, r14 + orr r0, r0, r1, lsl #26 + lsr r1, r1, #6 + orr r1, r1, r2, lsl #20 + lsr r2, r2, #12 + orr r2, r2, r3, lsl #14 + lsr r3, r3, #18 + orr r3, r3, r4, lsl #8 + add r5, r5, #60 + stm r5, {r0-r3} +.Lpoly1305_blocks_neon_leave: + sub r0, sp, #8 + ldr sp, [sp, #120] + 
ldmfd sp!, {r4-r11, lr} + vldm sp!, {q4-q7} + sub r0, sp, r0 + bx lr +.size _gcry_poly1305_armv7_neon_blocks,.-_gcry_poly1305_armv7_neon_blocks; + +.globl _gcry_poly1305_armv7_neon_finish_ext +.type _gcry_poly1305_armv7_neon_finish_ext,%function; +_gcry_poly1305_armv7_neon_finish_ext: +.Lpoly1305_finish_ext_neon_local: + stmfd sp!, {r4-r11, lr} + sub sp, sp, #32 + mov r5, r0 + mov r6, r1 + mov r7, r2 + mov r8, r3 + ands r7, r7, r7 + beq .Lpoly1305_finish_ext_neon_noremaining + mov r9, sp + veor q0, q0, q0 + veor q1, q1, q1 + vst1.64 {q0-q1}, [sp] + tst r7, #16 + beq .Lpoly1305_finish_ext_neon_skip16 + vld1.u64 {q0}, [r1]! + vst1.64 {q0}, [r9]! +.Lpoly1305_finish_ext_neon_skip16: + tst r7, #8 + beq .Lpoly1305_finish_ext_neon_skip8 + ldmia r1!, {r10-r11} + stmia r9!, {r10-r11} +.Lpoly1305_finish_ext_neon_skip8: + tst r7, #4 + beq .Lpoly1305_finish_ext_neon_skip4 + ldr r10, [r1], #4 + str r10, [r9], #4 +.Lpoly1305_finish_ext_neon_skip4: + tst r7, #2 + beq .Lpoly1305_finish_ext_neon_skip2 + ldrh r10, [r1], #2 + strh r10, [r9], #2 +.Lpoly1305_finish_ext_neon_skip2: + tst r7, #1 + beq .Lpoly1305_finish_ext_neon_skip1 + ldrb r10, [r1], #1 + strb r10, [r9], #1 +.Lpoly1305_finish_ext_neon_skip1: + cmp r7, #16 + beq .Lpoly1305_finish_ext_neon_skipfinalbit + mov r10, #1 + strb r10, [r9] +.Lpoly1305_finish_ext_neon_skipfinalbit: + ldr r10, [r5, #116] + orrhs r10, #2 + orrlo r10, #4 + str r10, [r5, #116] + mov r0, r5 + mov r1, sp + mov r2, #32 + bl .Lpoly1305_blocks_neon_local +.Lpoly1305_finish_ext_neon_noremaining: + ldr r10, [r5, #116] + tst r10, #1 + beq .Lpoly1305_finish_ext_neon_notstarted + cmp r7, #0 + beq .Lpoly1305_finish_ext_neon_user2r + cmp r7, #16 + bls .Lpoly1305_finish_ext_neon_user1 +.Lpoly1305_finish_ext_neon_user2r: + orr r10, r10, #8 + b .Lpoly1305_finish_ext_neon_finalblock +.Lpoly1305_finish_ext_neon_user1: + orr r10, r10, #16 +.Lpoly1305_finish_ext_neon_finalblock: + str r10, [r5, #116] + mov r0, r5 + eor r1, r1, r1 + mov r2, #32 + bl 
.Lpoly1305_blocks_neon_local +.Lpoly1305_finish_ext_neon_notstarted: + add r0, r5, #60 + add r9, r5, #100 + ldm r0, {r0-r3} + ldm r9, {r9-r12} + adds r0, r0, r9 + adcs r1, r1, r10 + adcs r2, r2, r11 + adcs r3, r3, r12 + stm r8, {r0-r3} + veor q0, q0, q0 + veor q1, q1, q1 + veor q2, q2, q2 + veor q3, q3, q3 + vstmia r5!, {q0-q3} + vstm r5, {q0-q3} + add sp, sp, #32 + ldmfd sp!, {r4-r11, lr} + mov r0, #(9*4+32) + bx lr +.size _gcry_poly1305_armv7_neon_finish_ext,.-_gcry_poly1305_armv7_neon_finish_ext; + +#endif diff --git a/cipher/poly1305-internal.h b/cipher/poly1305-internal.h index 0299c43..dfc0c04 100644 --- a/cipher/poly1305-internal.h +++ b/cipher/poly1305-internal.h @@ -65,10 +65,24 @@ #endif +/* POLY1305_USE_NEON indicates whether to enable ARM NEON assembly code. */ +#undef POLY1305_USE_NEON +#if defined(ENABLE_NEON_SUPPORT) && defined(HAVE_ARM_ARCH_V6) && \ + defined(__ARMEL__) && defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS) && \ + defined(HAVE_GCC_INLINE_ASM_NEON) +# define POLY1305_USE_NEON 1 +# define POLY1305_NEON_BLOCKSIZE 32 +# define POLY1305_NEON_STATESIZE 128 +# define POLY1305_NEON_ALIGNMENT 16 +#endif + + /* Largest block-size used in any implementation (optimized implementations * might use block-size multiple of 16). */ #ifdef POLY1305_USE_AVX2 # define POLY1305_LARGEST_BLOCKSIZE POLY1305_AVX2_BLOCKSIZE +#elif defined(POLY1305_USE_NEON) +# define POLY1305_LARGEST_BLOCKSIZE POLY1305_NEON_BLOCKSIZE #elif defined(POLY1305_USE_SSE2) # define POLY1305_LARGEST_BLOCKSIZE POLY1305_SSE2_BLOCKSIZE #else @@ -78,6 +92,8 @@ /* Largest state-size used in any implementation. */ #ifdef POLY1305_USE_AVX2 # define POLY1305_LARGEST_STATESIZE POLY1305_AVX2_STATESIZE +#elif defined(POLY1305_USE_NEON) +# define POLY1305_LARGEST_STATESIZE POLY1305_NEON_STATESIZE #elif defined(POLY1305_USE_SSE2) # define POLY1305_LARGEST_STATESIZE POLY1305_SSE2_STATESIZE #else 
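Review bot: The message pointer is read with `ldmia`, which requires a word-aligned address: `ldmia r0!, {r2-r5}` and `ldmia r0!, {r7-r10}` in `.Lpoly1305_blocks_neon_mainloop`, and `ldmia r1!, {r10-r11}` in `_gcry_poly1305_armv7_neon_finish_ext`. The C prototypes added in cipher/poly1305.c declare that argument as `const byte *m`, so nothing visible guarantees alignment, and a MAC over a buffer at an odd offset would take an alignment fault or a kernel fix-up trap, depending on system settings. Either load the message with byte-aligned NEON loads such as `vld1.8`, or have the C caller copy unaligned input into an aligned bounce buffer before calling in. The ChaCha20 file later in this mail reads its input the same way (`ldmia r12!, {r8-r11}`).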
@@ -87,6 +103,8 @@ /* Minimum alignment for state pointer passed to implementations. */ #ifdef POLY1305_USE_AVX2 # define POLY1305_STATE_ALIGNMENT POLY1305_AVX2_ALIGNMENT +#elif defined(POLY1305_USE_NEON) +# define POLY1305_STATE_ALIGNMENT POLY1305_NEON_ALIGNMENT #elif defined(POLY1305_USE_SSE2) # define POLY1305_STATE_ALIGNMENT POLY1305_SSE2_ALIGNMENT #else diff --git a/cipher/poly1305.c b/cipher/poly1305.c index fe241c1..28dbbf8 100644 --- a/cipher/poly1305.c +++ b/cipher/poly1305.c @@ -76,6 +76,25 @@ static const poly1305_ops_t poly1305_amd64_avx2_ops = { #endif +#ifdef POLY1305_USE_NEON + +void _gcry_poly1305_armv7_neon_init_ext(void *state, const poly1305_key_t *key); +unsigned int _gcry_poly1305_armv7_neon_finish_ext(void *state, const byte *m, + size_t remaining, + byte mac[16]); +unsigned int _gcry_poly1305_armv7_neon_blocks(void *ctx, const byte *m, + size_t bytes); + +static const poly1305_ops_t poly1305_armv7_neon_ops = { + POLY1305_NEON_BLOCKSIZE, + _gcry_poly1305_armv7_neon_init_ext, + _gcry_poly1305_armv7_neon_blocks, + _gcry_poly1305_armv7_neon_finish_ext +}; + +#endif + + #ifdef HAVE_U64_TYPEDEF /* Reference unoptimized poly1305 implementation using 32 bit * 32 bit = 64 bit @@ -661,6 +680,10 @@ _gcry_poly1305_init (poly1305_context_t * ctx, const byte * key, if (features & HWF_INTEL_AVX2) ctx->ops = &poly1305_amd64_avx2_ops; #endif +#ifdef POLY1305_USE_NEON + if (features & HWF_ARM_NEON) + ctx->ops = &poly1305_armv7_neon_ops; +#endif (void)features; buf_cpy (keytmp.b, key, POLY1305_KEYLEN); diff --git a/configure.ac b/configure.ac index 60ed015..a0d5fc9 100644 --- a/configure.ac +++ b/configure.ac 
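Review bot: The prototype `void _gcry_poly1305_armv7_neon_init_ext(void *state, const poly1305_key_t *key);` in the cipher/poly1305.c hunk discards the value the assembly routine leaves in r0 (`mov r0, #(9*4+32)`, the same constant `finish_ext` returns as `unsigned int`). That value looks like the stack depth the caller is expected to burn, and `init_ext` spills intermediate products of the key-derived multiplier to its frame (`str r7, [sp, #16]` and the neighbouring stores), so those words would remain on the stack after key setup. If the `init_ext` slot of `poly1305_ops_t` really returns `void` (its definition is outside this diff), consider making it return `unsigned int` and burning that depth in `_gcry_poly1305_init`, or clearing the 32-byte frame inside the routine before `add sp, sp, #32`.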
@@ -1837,6 +1837,11 @@ case "${host}" in ;; esac +if test x"$neonsupport" = xyes ; then + # Build with the NEON implementation + GCRYPT_CIPHERS="$GCRYPT_CIPHERS poly1305-armv7-neon.lo" +fi + LIST_MEMBER(dsa, $enabled_pubkey_ciphers) if test "$found" = "1" ; then GCRYPT_PUBKEY_CIPHERS="$GCRYPT_PUBKEY_CIPHERS dsa.lo" commit c584f44543883346d5a565581ff99a0afce9c5e1 Author: Jussi Kivilinna Date: Wed Aug 6 20:05:16 2014 +0300 chacha20: add ARMv7/NEON implementation * cipher/Makefile.am: Add 'chacha20-armv7-neon.S'. * cipher/chacha20-armv7-neon.S: New. * cipher/chacha20.c (USE_NEON): New. [USE_NEON] (_gcry_chacha20_armv7_neon_blocks): New. (chacha20_do_setkey) [USE_NEON]: Use Neon implementation if HWF_ARM_NEON flag set. (selftest): Self-test encrypting buffer byte by byte. * configure.ac [neonsupport=yes]: Add 'chacha20-armv7-neon.lo'. -- Add Andrew Moon's public domain ARMv7/NEON implementation of ChaCha20. Original source is available at: https://github.com/floodyberry/chacha-opt Benchmark on Cortex-A8 (--cpu-mhz 1008): Old: CHACHA20 | nanosecs/byte mebibytes/sec cycles/byte STREAM enc | 13.45 ns/B 70.92 MiB/s 13.56 c/B STREAM dec | 13.45 ns/B 70.90 MiB/s 13.56 c/B New: CHACHA20 | nanosecs/byte mebibytes/sec cycles/byte STREAM enc | 6.20 ns/B 153.9 MiB/s 6.25 c/B STREAM dec | 6.20 ns/B 153.9 MiB/s 6.25 c/B Signed-off-by: Jussi Kivilinna diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 7f45cbb..09ccaf9 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -61,6 +61,7 @@ arcfour.c arcfour-amd64.S \ blowfish.c blowfish-amd64.S blowfish-arm.S \ cast5.c cast5-amd64.S cast5-arm.S \ chacha20.c chacha20-sse2-amd64.S chacha20-ssse3-amd64.S chacha20-avx2-amd64.S \ + chacha20-armv7-neon.S \ crc.c \ des.c des-amd64.S \ dsa.c \ diff --git a/cipher/chacha20-armv7-neon.S b/cipher/chacha20-armv7-neon.S new file mode 100644 index 0000000..1a395ba --- /dev/null +++ b/cipher/chacha20-armv7-neon.S 
@@ -0,0 +1,710 @@ +/* chacha20-armv7-neon.S - ARM/NEON accelerated chacha20 blocks function + * + * Copyright (C) 2014 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +/* + * Based on public domain implementation by Andrew Moon at + * https://github.com/floodyberry/chacha-opt + */ + +#include + +#if defined(HAVE_ARM_ARCH_V6) && defined(__ARMEL__) && \ + defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS) && \ + defined(HAVE_GCC_INLINE_ASM_NEON) && defined(USE_CHACHA20) + +.syntax unified +.fpu neon +.arm + +.text + +.globl _gcry_chacha20_armv7_neon_blocks +.type _gcry_chacha20_armv7_neon_blocks,%function; +_gcry_chacha20_armv7_neon_blocks: +.Lchacha_blocks_neon_local: + tst r3, r3 + beq .Lchacha_blocks_neon_nobytes + vstmdb sp!, {q4,q5,q6,q7} + stmfd sp!, {r4-r12, r14} + mov r8, sp + sub sp, sp, #196 + and sp, sp, #0xffffffe0 + str r0, [sp, #60] + str r1, [sp, #48] + str r2, [sp, #40] + str r3, [sp, #52] + str r8, [sp, #192] + add r1, sp, #64 + ldmia r0!, {r4-r11} + stmia r1!, {r4-r11} + ldmia r0!, {r4-r11} + stmia r1!, {r4-r11} + mov r4, #20 + str r4, [sp, #44] + cmp r3, #256 + blo .Lchacha_blocks_neon_mainloop2 +.Lchacha_blocks_neon_mainloop1: + ldr r0, [sp, #44] + str r0, [sp, #0] + add r1, sp, #(64) + mov r2, #1 + veor q12, q12 + vld1.32 {q0,q1}, [r1,:128]! 
+ vld1.32 {q2,q3}, [r1,:128] + vmov.32 d24[0], r2 + vadd.u64 q3, q3, q12 + vmov q4, q0 + vmov q5, q1 + vmov q6, q2 + vadd.u64 q7, q3, q12 + vmov q8, q0 + vmov q9, q1 + vmov q10, q2 + vadd.u64 q11, q7, q12 + add r0, sp, #64 + ldm r0, {r0-r12} + ldr r14, [sp, #(64 +60)] + str r6, [sp, #8] + str r11, [sp, #12] + str r14, [sp, #28] + ldr r11, [sp, #(64 +52)] + ldr r14, [sp, #(64 +56)] +.Lchacha_blocks_neon_rounds1: + ldr r6, [sp, #0] + vadd.i32 q0, q0, q1 + add r0, r0, r4 + vadd.i32 q4, q4, q5 + add r1, r1, r5 + vadd.i32 q8, q8, q9 + eor r12, r12, r0 + veor q12, q3, q0 + eor r11, r11, r1 + veor q13, q7, q4 + ror r12, r12, #16 + veor q14, q11, q8 + ror r11, r11, #16 + vrev32.16 q3, q12 + subs r6, r6, #2 + vrev32.16 q7, q13 + add r8, r8, r12 + vrev32.16 q11, q14 + add r9, r9, r11 + vadd.i32 q2, q2, q3 + eor r4, r4, r8 + vadd.i32 q6, q6, q7 + eor r5, r5, r9 + vadd.i32 q10, q10, q11 + str r6, [sp, #0] + veor q12, q1, q2 + ror r4, r4, #20 + veor q13, q5, q6 + ror r5, r5, #20 + veor q14, q9, q10 + add r0, r0, r4 + vshl.i32 q1, q12, #12 + add r1, r1, r5 + vshl.i32 q5, q13, #12 + ldr r6, [sp, #8] + vshl.i32 q9, q14, #12 + eor r12, r12, r0 + vsri.u32 q1, q12, #20 + eor r11, r11, r1 + vsri.u32 q5, q13, #20 + ror r12, r12, #24 + vsri.u32 q9, q14, #20 + ror r11, r11, #24 + vadd.i32 q0, q0, q1 + add r8, r8, r12 + vadd.i32 q4, q4, q5 + add r9, r9, r11 + vadd.i32 q8, q8, q9 + eor r4, r4, r8 + veor q12, q3, q0 + eor r5, r5, r9 + veor q13, q7, q4 + str r11, [sp, #20] + veor q14, q11, q8 + ror r4, r4, #25 + vshl.i32 q3, q12, #8 + ror r5, r5, #25 + vshl.i32 q7, q13, #8 + str r4, [sp, #4] + vshl.i32 q11, q14, #8 + ldr r4, [sp, #28] + vsri.u32 q3, q12, #24 + add r2, r2, r6 + vsri.u32 q7, q13, #24 + add r3, r3, r7 + vsri.u32 q11, q14, #24 + ldr r11, [sp, #12] + vadd.i32 q2, q2, q3 + eor r14, r14, r2 + vadd.i32 q6, q6, q7 + eor r4, r4, r3 + vadd.i32 q10, q10, q11 + ror r14, r14, #16 + veor q12, q1, q2 + ror r4, r4, #16 + veor q13, q5, q6 + add r10, r10, r14 + veor q14, q9, q10 + add r11, 
r11, r4 + vshl.i32 q1, q12, #7 + eor r6, r6, r10 + vshl.i32 q5, q13, #7 + eor r7, r7, r11 + vshl.i32 q9, q14, #7 + ror r6, r6, #20 + vsri.u32 q1, q12, #25 + ror r7, r7, #20 + vsri.u32 q5, q13, #25 + add r2, r2, r6 + vsri.u32 q9, q14, #25 + add r3, r3, r7 + vext.32 q3, q3, q3, #3 + eor r14, r14, r2 + vext.32 q7, q7, q7, #3 + eor r4, r4, r3 + vext.32 q11, q11, q11, #3 + ror r14, r14, #24 + vext.32 q1, q1, q1, #1 + ror r4, r4, #24 + vext.32 q5, q5, q5, #1 + add r10, r10, r14 + vext.32 q9, q9, q9, #1 + add r11, r11, r4 + vext.32 q2, q2, q2, #2 + eor r6, r6, r10 + vext.32 q6, q6, q6, #2 + eor r7, r7, r11 + vext.32 q10, q10, q10, #2 + ror r6, r6, #25 + vadd.i32 q0, q0, q1 + ror r7, r7, #25 + vadd.i32 q4, q4, q5 + add r0, r0, r5 + vadd.i32 q8, q8, q9 + add r1, r1, r6 + veor q12, q3, q0 + eor r4, r4, r0 + veor q13, q7, q4 + eor r12, r12, r1 + veor q14, q11, q8 + ror r4, r4, #16 + vrev32.16 q3, q12 + ror r12, r12, #16 + vrev32.16 q7, q13 + add r10, r10, r4 + vrev32.16 q11, q14 + add r11, r11, r12 + vadd.i32 q2, q2, q3 + eor r5, r5, r10 + vadd.i32 q6, q6, q7 + eor r6, r6, r11 + vadd.i32 q10, q10, q11 + ror r5, r5, #20 + veor q12, q1, q2 + ror r6, r6, #20 + veor q13, q5, q6 + add r0, r0, r5 + veor q14, q9, q10 + add r1, r1, r6 + vshl.i32 q1, q12, #12 + eor r4, r4, r0 + vshl.i32 q5, q13, #12 + eor r12, r12, r1 + vshl.i32 q9, q14, #12 + ror r4, r4, #24 + vsri.u32 q1, q12, #20 + ror r12, r12, #24 + vsri.u32 q5, q13, #20 + add r10, r10, r4 + vsri.u32 q9, q14, #20 + add r11, r11, r12 + vadd.i32 q0, q0, q1 + eor r5, r5, r10 + vadd.i32 q4, q4, q5 + eor r6, r6, r11 + vadd.i32 q8, q8, q9 + str r11, [sp, #12] + veor q12, q3, q0 + ror r5, r5, #25 + veor q13, q7, q4 + ror r6, r6, #25 + veor q14, q11, q8 + str r4, [sp, #28] + vshl.i32 q3, q12, #8 + ldr r4, [sp, #4] + vshl.i32 q7, q13, #8 + add r2, r2, r7 + vshl.i32 q11, q14, #8 + add r3, r3, r4 + vsri.u32 q3, q12, #24 + ldr r11, [sp, #20] + vsri.u32 q7, q13, #24 + eor r11, r11, r2 + vsri.u32 q11, q14, #24 + eor r14, r14, r3 + vadd.i32 q2, 
q2, q3 + ror r11, r11, #16 + vadd.i32 q6, q6, q7 + ror r14, r14, #16 + vadd.i32 q10, q10, q11 + add r8, r8, r11 + veor q12, q1, q2 + add r9, r9, r14 + veor q13, q5, q6 + eor r7, r7, r8 + veor q14, q9, q10 + eor r4, r4, r9 + vshl.i32 q1, q12, #7 + ror r7, r7, #20 + vshl.i32 q5, q13, #7 + ror r4, r4, #20 + vshl.i32 q9, q14, #7 + str r6, [sp, #8] + vsri.u32 q1, q12, #25 + add r2, r2, r7 + vsri.u32 q5, q13, #25 + add r3, r3, r4 + vsri.u32 q9, q14, #25 + eor r11, r11, r2 + vext.32 q3, q3, q3, #1 + eor r14, r14, r3 + vext.32 q7, q7, q7, #1 + ror r11, r11, #24 + vext.32 q11, q11, q11, #1 + ror r14, r14, #24 + vext.32 q1, q1, q1, #3 + add r8, r8, r11 + vext.32 q5, q5, q5, #3 + add r9, r9, r14 + vext.32 q9, q9, q9, #3 + eor r7, r7, r8 + vext.32 q2, q2, q2, #2 + eor r4, r4, r9 + vext.32 q6, q6, q6, #2 + ror r7, r7, #25 + vext.32 q10, q10, q10, #2 + ror r4, r4, #25 + bne .Lchacha_blocks_neon_rounds1 + str r8, [sp, #0] + str r9, [sp, #4] + str r10, [sp, #8] + str r12, [sp, #16] + str r11, [sp, #20] + str r14, [sp, #24] + add r9, sp, #64 + vld1.32 {q12,q13}, [r9,:128]! 
+ ldr r12, [sp, #48] + vld1.32 {q14,q15}, [r9,:128] + ldr r14, [sp, #40] + vadd.i32 q0, q0, q12 + ldr r8, [sp, #(64 +0)] + vadd.i32 q4, q4, q12 + ldr r9, [sp, #(64 +4)] + vadd.i32 q8, q8, q12 + ldr r10, [sp, #(64 +8)] + vadd.i32 q1, q1, q13 + ldr r11, [sp, #(64 +12)] + vadd.i32 q5, q5, q13 + add r0, r0, r8 + vadd.i32 q9, q9, q13 + add r1, r1, r9 + vadd.i32 q2, q2, q14 + add r2, r2, r10 + vadd.i32 q6, q6, q14 + ldr r8, [sp, #(64 +16)] + vadd.i32 q10, q10, q14 + add r3, r3, r11 + veor q14, q14, q14 + ldr r9, [sp, #(64 +20)] + mov r11, #1 + add r4, r4, r8 + vmov.32 d28[0], r11 + ldr r10, [sp, #(64 +24)] + vadd.u64 q12, q14, q15 + add r5, r5, r9 + vadd.u64 q13, q14, q12 + ldr r11, [sp, #(64 +28)] + vadd.u64 q14, q14, q13 + add r6, r6, r10 + vadd.i32 q3, q3, q12 + tst r12, r12 + vadd.i32 q7, q7, q13 + add r7, r7, r11 + vadd.i32 q11, q11, q14 + beq .Lchacha_blocks_neon_nomessage11 + ldmia r12!, {r8-r11} + eor r0, r0, r8 + eor r1, r1, r9 + eor r2, r2, r10 + ldr r8, [r12, #0] + eor r3, r3, r11 + ldr r9, [r12, #4] + eor r4, r4, r8 + ldr r10, [r12, #8] + eor r5, r5, r9 + ldr r11, [r12, #12] + eor r6, r6, r10 + add r12, r12, #16 + eor r7, r7, r11 +.Lchacha_blocks_neon_nomessage11: + stmia r14!, {r0-r7} + ldm sp, {r0-r7} + ldr r8, [sp, #(64 +32)] + ldr r9, [sp, #(64 +36)] + ldr r10, [sp, #(64 +40)] + ldr r11, [sp, #(64 +44)] + add r0, r0, r8 + add r1, r1, r9 + add r2, r2, r10 + ldr r8, [sp, #(64 +48)] + add r3, r3, r11 + ldr r9, [sp, #(64 +52)] + add r4, r4, r8 + ldr r10, [sp, #(64 +56)] + add r5, r5, r9 + ldr r11, [sp, #(64 +60)] + add r6, r6, r10 + adds r8, r8, #4 + add r7, r7, r11 + adc r9, r9, #0 + str r8, [sp, #(64 +48)] + tst r12, r12 + str r9, [sp, #(64 +52)] + beq .Lchacha_blocks_neon_nomessage12 + ldmia r12!, {r8-r11} + eor r0, r0, r8 + eor r1, r1, r9 + eor r2, r2, r10 + ldr r8, [r12, #0] + eor r3, r3, r11 + ldr r9, [r12, #4] + eor r4, r4, r8 + ldr r10, [r12, #8] + eor r5, r5, r9 + ldr r11, [r12, #12] + eor r6, r6, r10 + add r12, r12, #16 + eor r7, r7, r11 
+.Lchacha_blocks_neon_nomessage12: + stmia r14!, {r0-r7} + beq .Lchacha_blocks_neon_nomessage13 + vld1.32 {q12,q13}, [r12]! + vld1.32 {q14,q15}, [r12]! + veor q0, q0, q12 + veor q1, q1, q13 + veor q2, q2, q14 + veor q3, q3, q15 +.Lchacha_blocks_neon_nomessage13: + vst1.32 {q0,q1}, [r14]! + vst1.32 {q2,q3}, [r14]! + beq .Lchacha_blocks_neon_nomessage14 + vld1.32 {q12,q13}, [r12]! + vld1.32 {q14,q15}, [r12]! + veor q4, q4, q12 + veor q5, q5, q13 + veor q6, q6, q14 + veor q7, q7, q15 +.Lchacha_blocks_neon_nomessage14: + vst1.32 {q4,q5}, [r14]! + vst1.32 {q6,q7}, [r14]! + beq .Lchacha_blocks_neon_nomessage15 + vld1.32 {q12,q13}, [r12]! + vld1.32 {q14,q15}, [r12]! + veor q8, q8, q12 + veor q9, q9, q13 + veor q10, q10, q14 + veor q11, q11, q15 +.Lchacha_blocks_neon_nomessage15: + vst1.32 {q8,q9}, [r14]! + vst1.32 {q10,q11}, [r14]! + str r12, [sp, #48] + str r14, [sp, #40] + ldr r3, [sp, #52] + sub r3, r3, #256 + cmp r3, #256 + str r3, [sp, #52] + bhs .Lchacha_blocks_neon_mainloop1 + tst r3, r3 + beq .Lchacha_blocks_neon_done +.Lchacha_blocks_neon_mainloop2: + ldr r3, [sp, #52] + ldr r1, [sp, #48] + cmp r3, #64 + bhs .Lchacha_blocks_neon_noswap1 + add r4, sp, #128 + mov r5, r4 + tst r1, r1 + beq .Lchacha_blocks_neon_nocopy1 +.Lchacha_blocks_neon_copyinput1: + subs r3, r3, #1 + ldrb r0, [r1], #1 + strb r0, [r4], #1 + bne .Lchacha_blocks_neon_copyinput1 + str r5, [sp, #48] +.Lchacha_blocks_neon_nocopy1: + ldr r4, [sp, #40] + str r5, [sp, #40] + str r4, [sp, #56] +.Lchacha_blocks_neon_noswap1: + ldr r0, [sp, #44] + str r0, [sp, #0] + add r0, sp, #64 + ldm r0, {r0-r12} + ldr r14, [sp, #(64 +60)] + str r6, [sp, #8] + str r11, [sp, #12] + str r14, [sp, #28] + ldr r11, [sp, #(64 +52)] + ldr r14, [sp, #(64 +56)] +.Lchacha_blocks_neon_rounds2: + ldr r6, [sp, #0] + add r0, r0, r4 + add r1, r1, r5 + eor r12, r12, r0 + eor r11, r11, r1 + ror r12, r12, #16 + ror r11, r11, #16 + subs r6, r6, #2 + add r8, r8, r12 + add r9, r9, r11 + eor r4, r4, r8 + eor r5, r5, r9 + str r6, [sp, #0] + 
ror r4, r4, #20 + ror r5, r5, #20 + add r0, r0, r4 + add r1, r1, r5 + ldr r6, [sp, #8] + eor r12, r12, r0 + eor r11, r11, r1 + ror r12, r12, #24 + ror r11, r11, #24 + add r8, r8, r12 + add r9, r9, r11 + eor r4, r4, r8 + eor r5, r5, r9 + str r11, [sp, #20] + ror r4, r4, #25 + ror r5, r5, #25 + str r4, [sp, #4] + ldr r4, [sp, #28] + add r2, r2, r6 + add r3, r3, r7 + ldr r11, [sp, #12] + eor r14, r14, r2 + eor r4, r4, r3 + ror r14, r14, #16 + ror r4, r4, #16 + add r10, r10, r14 + add r11, r11, r4 + eor r6, r6, r10 + eor r7, r7, r11 + ror r6, r6, #20 + ror r7, r7, #20 + add r2, r2, r6 + add r3, r3, r7 + eor r14, r14, r2 + eor r4, r4, r3 + ror r14, r14, #24 + ror r4, r4, #24 + add r10, r10, r14 + add r11, r11, r4 + eor r6, r6, r10 + eor r7, r7, r11 + ror r6, r6, #25 + ror r7, r7, #25 + add r0, r0, r5 + add r1, r1, r6 + eor r4, r4, r0 + eor r12, r12, r1 + ror r4, r4, #16 + ror r12, r12, #16 + add r10, r10, r4 + add r11, r11, r12 + eor r5, r5, r10 + eor r6, r6, r11 + ror r5, r5, #20 + ror r6, r6, #20 + add r0, r0, r5 + add r1, r1, r6 + eor r4, r4, r0 + eor r12, r12, r1 + ror r4, r4, #24 + ror r12, r12, #24 + add r10, r10, r4 + add r11, r11, r12 + eor r5, r5, r10 + eor r6, r6, r11 + str r11, [sp, #12] + ror r5, r5, #25 + ror r6, r6, #25 + str r4, [sp, #28] + ldr r4, [sp, #4] + add r2, r2, r7 + add r3, r3, r4 + ldr r11, [sp, #20] + eor r11, r11, r2 + eor r14, r14, r3 + ror r11, r11, #16 + ror r14, r14, #16 + add r8, r8, r11 + add r9, r9, r14 + eor r7, r7, r8 + eor r4, r4, r9 + ror r7, r7, #20 + ror r4, r4, #20 + str r6, [sp, #8] + add r2, r2, r7 + add r3, r3, r4 + eor r11, r11, r2 + eor r14, r14, r3 + ror r11, r11, #24 + ror r14, r14, #24 + add r8, r8, r11 + add r9, r9, r14 + eor r7, r7, r8 + eor r4, r4, r9 + ror r7, r7, #25 + ror r4, r4, #25 + bne .Lchacha_blocks_neon_rounds2 + str r8, [sp, #0] + str r9, [sp, #4] + str r10, [sp, #8] + str r12, [sp, #16] + str r11, [sp, #20] + str r14, [sp, #24] + ldr r12, [sp, #48] + ldr r14, [sp, #40] + ldr r8, [sp, #(64 +0)] + ldr r9, 
[sp, #(64 +4)] + ldr r10, [sp, #(64 +8)] + ldr r11, [sp, #(64 +12)] + add r0, r0, r8 + add r1, r1, r9 + add r2, r2, r10 + ldr r8, [sp, #(64 +16)] + add r3, r3, r11 + ldr r9, [sp, #(64 +20)] + add r4, r4, r8 + ldr r10, [sp, #(64 +24)] + add r5, r5, r9 + ldr r11, [sp, #(64 +28)] + add r6, r6, r10 + tst r12, r12 + add r7, r7, r11 + beq .Lchacha_blocks_neon_nomessage21 + ldmia r12!, {r8-r11} + eor r0, r0, r8 + eor r1, r1, r9 + eor r2, r2, r10 + ldr r8, [r12, #0] + eor r3, r3, r11 + ldr r9, [r12, #4] + eor r4, r4, r8 + ldr r10, [r12, #8] + eor r5, r5, r9 + ldr r11, [r12, #12] + eor r6, r6, r10 + add r12, r12, #16 + eor r7, r7, r11 +.Lchacha_blocks_neon_nomessage21: + stmia r14!, {r0-r7} + ldm sp, {r0-r7} + ldr r8, [sp, #(64 +32)] + ldr r9, [sp, #(64 +36)] + ldr r10, [sp, #(64 +40)] + ldr r11, [sp, #(64 +44)] + add r0, r0, r8 + add r1, r1, r9 + add r2, r2, r10 + ldr r8, [sp, #(64 +48)] + add r3, r3, r11 + ldr r9, [sp, #(64 +52)] + add r4, r4, r8 + ldr r10, [sp, #(64 +56)] + add r5, r5, r9 + ldr r11, [sp, #(64 +60)] + add r6, r6, r10 + adds r8, r8, #1 + add r7, r7, r11 + adc r9, r9, #0 + str r8, [sp, #(64 +48)] + tst r12, r12 + str r9, [sp, #(64 +52)] + beq .Lchacha_blocks_neon_nomessage22 + ldmia r12!, {r8-r11} + eor r0, r0, r8 + eor r1, r1, r9 + eor r2, r2, r10 + ldr r8, [r12, #0] + eor r3, r3, r11 + ldr r9, [r12, #4] + eor r4, r4, r8 + ldr r10, [r12, #8] + eor r5, r5, r9 + ldr r11, [r12, #12] + eor r6, r6, r10 + add r12, r12, #16 + eor r7, r7, r11 +.Lchacha_blocks_neon_nomessage22: + stmia r14!, {r0-r7} + str r12, [sp, #48] + str r14, [sp, #40] + ldr r3, [sp, #52] + cmp r3, #64 + sub r4, r3, #64 + str r4, [sp, #52] + bhi .Lchacha_blocks_neon_mainloop2 + cmp r3, #64 + beq .Lchacha_blocks_neon_nocopy2 + ldr r1, [sp, #56] + sub r14, r14, #64 +.Lchacha_blocks_neon_copyinput2: + subs r3, r3, #1 + ldrb r0, [r14], #1 + strb r0, [r1], #1 + bne .Lchacha_blocks_neon_copyinput2 +.Lchacha_blocks_neon_nocopy2: +.Lchacha_blocks_neon_done: + ldr r7, [sp, #60] + ldr r8, [sp, #(64 
+48)] + ldr r9, [sp, #(64 +52)] + str r8, [r7, #(48 + 0)] + str r9, [r7, #(48 + 4)] + mov r12, sp + stmia r12!, {r0-r7} + add r12, r12, #48 + stmia r12!, {r0-r7} + sub r0, sp, #8 + ldr sp, [sp, #192] + ldmfd sp!, {r4-r12, r14} + vldm sp!, {q4-q7} + sub r0, sp, r0 + bx lr +.Lchacha_blocks_neon_nobytes: + mov r0, #0; + bx lr +.ltorg +.size _gcry_chacha20_armv7_neon_blocks,.-_gcry_chacha20_armv7_neon_blocks; + +#endif diff --git a/cipher/chacha20.c b/cipher/chacha20.c index ebba2fc..c1847aa 100644 --- a/cipher/chacha20.c +++ b/cipher/chacha20.c @@ -67,6 +67,16 @@ # define USE_AVX2 1 #endif +/* USE_NEON indicates whether to enable ARM NEON assembly code. */ +#undef USE_NEON +#ifdef ENABLE_NEON_SUPPORT +# if defined(HAVE_ARM_ARCH_V6) && defined(__ARMEL__) \ + && defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS) \ + && defined(HAVE_GCC_INLINE_ASM_NEON) +# define USE_NEON 1 +# endif +#endif /*ENABLE_NEON_SUPPORT*/ + struct CHACHA20_context_s; @@ -104,6 +114,13 @@ unsigned int _gcry_chacha20_amd64_avx2_blocks(u32 *state, const byte *in, #endif /* USE_AVX2 */ +#ifdef USE_NEON + +unsigned int _gcry_chacha20_armv7_neon_blocks(u32 *state, const byte *in, + byte *out, size_t bytes); + +#endif /* USE_NEON */ + static void chacha20_setiv (void *context, const byte * iv, size_t ivlen); static const char *selftest (void); @@ -353,6 +370,10 @@ chacha20_do_setkey (CHACHA20_context_t * ctx, if (features & HWF_INTEL_AVX2) ctx->blocks = _gcry_chacha20_amd64_avx2_blocks; #endif +#ifdef USE_NEON + if (features & HWF_ARM_NEON) + ctx->blocks = _gcry_chacha20_armv7_neon_blocks; +#endif (void)features; 
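Review bot: The build-time gate in the `@@ -67,6 +67,16 @@` hunk tests `HAVE_ARM_ARCH_V6`, while the routine it enables is named `_gcry_chacha20_armv7_neon_blocks`, so `USE_NEON` alone does not establish that the running CPU has NEON. The only thing that does is the `features & HWF_ARM_NEON` test added in the `chacha20_do_setkey` hunk further down. The comment on the macro should say so, so that a later caller does not invoke the assembly under `#ifdef USE_NEON` alone: `/* USE_NEON: the NEON assembly is built in. It may only be called after HWF_ARM_NEON has been seen at run time. */`. `chacha20_do_setkey` begins and ends outside its hunk.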
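Review bot: The prototype added in the `@@ -104,6 +114,13 @@` hunk takes plain `const byte *in` and `byte *out` with no stated contract, and the assembly from the same commit makes that contract non-obvious. The `.S` code visible on this page reads message words with `ldmia r12!, {r8-r11}` and skips the XOR when that pointer tests as zero. So `in` appears to accept NULL (raw keystream), and word alignment of the buffers appears to matter unless an earlier part of the routine, not shown here, realigns them; that should be confirmed on a target that traps unaligned `ldm`. The return value is computed from the stack pointer just before `bx lr`, which looks like a stack-usage figure for the caller to wipe. I would add above the declaration: `/* IN may be NULL (keystream only). Returns the stack depth to burn. Alignment of IN/OUT: <state the requirement>. */`.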
@@ -541,6 +562,19 @@ selftest (void) if (buf[i] != (byte) i) return "ChaCha20 encryption test 2 failed."; + chacha20_setkey (&ctx, key_1, sizeof key_1); + chacha20_setiv (&ctx, nonce_1, sizeof nonce_1); + /* encrypt */ + for (i = 0; i < sizeof buf; i++) + chacha20_encrypt_stream (&ctx, &buf[i], &buf[i], 1); + /* decrypt */ + chacha20_setkey (&ctx, key_1, sizeof key_1); + chacha20_setiv (&ctx, nonce_1, sizeof nonce_1); + chacha20_encrypt_stream (&ctx, buf, buf, sizeof buf); + for (i = 0; i < sizeof buf; i++) + if (buf[i] != (byte) i) + return "ChaCha20 encryption test 3 failed."; + return NULL; } diff --git a/configure.ac b/configure.ac index d14b7f6..60ed015 100644 --- a/configure.ac +++ b/configure.ac @@ -1822,6 +1822,11 @@ if test "$found" = "1" ; then GCRYPT_CIPHERS="$GCRYPT_CIPHERS chacha20-avx2-amd64.lo" ;; esac + + if test x"$neonsupport" = xyes ; then + # Build with the NEON implementation + GCRYPT_CIPHERS="$GCRYPT_CIPHERS chacha20-armv7-neon.lo" + fi fi case "${host}" in ----------------------------------------------------------------------- Summary of changes: cipher/Makefile.am | 3 +- cipher/chacha20-armv7-neon.S | 710 ++++++++++++++++++++++++++++++++++++++++++ cipher/chacha20.c | 34 ++ cipher/poly1305-armv7-neon.S | 705 +++++++++++++++++++++++++++++++++++++++++ cipher/poly1305-internal.h | 18 ++ cipher/poly1305.c | 23 ++ configure.ac | 10 + src/hwf-arm.c | 57 +++- 8 files changed, 1556 insertions(+), 4 deletions(-) create mode 100644 cipher/chacha20-armv7-neon.S create mode 100644 cipher/poly1305-armv7-neon.S hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 5 22:02:16 2014 
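Review bot: Test 3 in the `selftest` hunk depends on `buf` still holding the `(byte) i` pattern that the test 2 check just above confirmed, and nothing says what the new test is meant to cover. From the calls it is a cross-check of one-byte-at-a-time encryption against a single bulk call, presumably the case most likely to diverge once `ctx->blocks` points at a new assembly routine. I would put `/* Encrypt bytewise, decrypt in one call: the buffered-keystream path must agree with the bulk path. Relies on buf == {0,1,2,...} left by test 2. */` before the first added `chacha20_setkey`. It is a round trip only, and the bulk call uses the full `sizeof buf`, so a bulk length that is not a multiple of the 64-byte block is not exercised by the lines shown. `selftest` starts outside the hunk.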
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 05 Nov 2014 22:02:16 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-2-g8ec0b38 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8ec0b384a86bd7f67a60ab43ff1540e80c3f729d (commit) from d280a52757b6a9968c98500dfe5e07e519423dba (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8ec0b384a86bd7f67a60ab43ff1540e80c3f729d Author: Werner Koch Date: Wed Nov 5 21:40:52 2014 +0100 speedo: Append the date to the Windows installer. * build-aux/speedo.mk (BUILD_DATESTR): New. (dist-source, installer): Use it. diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk index b7bcf06..63d508d 100644 --- a/build-aux/speedo.mk +++ b/build-aux/speedo.mk @@ -573,6 +573,7 @@ endif BUILD_ISODATE=$(shell date -u +%Y-%m-%d) +BUILD_DATESTR=$(subst -,,$(BUILD_ISODATE)) # The next two macros will work only after gnupg has been build. ifeq ($(TARGETOS),w32) @@ -1000,7 +1001,7 @@ ifeq ($(TARGETOS),w32) dist-source: all for i in 00 01 02 03; do sleep 1;touch PLAY/stamps/stamp-*-${i}-*;done (set -e;\ - tarname="$(INST_NAME)-$(INST_VERSION)_$(BUILD_ISODATE).tar" ;\ + tarname="$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).tar" ;\ [ -f "$$tarname" ] && rm "$$tarname" ;\ tar -C $(topsrc) -cf "$$tarname" --exclude-backups --exclude-vc \ --transform='s,^\./,$(INST_NAME)-$(INST_VERSION)/,' \ 
@@ -1043,11 +1044,12 @@ installer: all w32_insthelpers $(w32src)/inst-options.ini $(bdir)/README.txt -DTOP_SRCDIR=$(topsrc) \ -DW32_SRCDIR=$(w32src) \ -DBUILD_ISODATE=$(BUILD_ISODATE) \ + -DBUILD_DATESTR=$(BUILD_DATESTR) \ -DNAME=$(INST_NAME) \ -DVERSION=$(INST_VERSION) \ -DPROD_VERSION=$(INST_PROD_VERSION) \ $(w32src)/inst.nsi - @echo "Ready: $(idir)/$(INST_NAME)-$(INST_VERSION)" + @echo "Ready: $(idir)/$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).exe" endif # }}} W32 diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi index 707b058..b43e5ff 100644 --- a/build-aux/speedo/w32/inst.nsi +++ b/build-aux/speedo/w32/inst.nsi @@ -22,7 +22,8 @@ # BUILD_DIR # TOP_SRCDIR # W32_SRCDIR -# BUILD_ISODATE +# BUILD_ISODATE - the build date, e.g. "2014-10-31" +# BUILD_DATESTR - ditto w/o '-', e.g. "20141031" # NAME # VERSION # PROD_VERSION @@ -94,9 +95,9 @@ SetCompressor lzma Name "${PRETTY_PACKAGE}" # Set the output filename. -OutFile "${NAME}-${VERSION}.exe" +OutFile "${NAME}-${VERSION}_${BUILD_DATESTR}.exe" -#Fixme: Do we need a logo +#Fixme: Do we need a logo? #Icon "${TOP_SRCDIR}/doc/logo/gnupg-logo-icon.ico" #UninstallIcon "${TOP_SRCDIR}/doc/logo/gnupg-logo-icon.ico" ----------------------------------------------------------------------- Summary of changes: build-aux/speedo.mk | 6 ++++-- build-aux/speedo/w32/inst.nsi | 7 ++++--- 2 files changed, 8 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 6 10:04:21 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 06 Nov 2014 10:04:21 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-3-ge0db5af Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e0db5af7ed9c2872cfdbf2adadcf49b954d85af3 (commit) from 8ec0b384a86bd7f67a60ab43ff1540e80c3f729d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e0db5af7ed9c2872cfdbf2adadcf49b954d85af3 Author: Werner Koch Date: Thu Nov 6 10:03:39 2014 +0100 doc: Add announce text for 2.1 -- diff --git a/doc/announce-2.1.txt b/doc/announce-2.1.txt new file mode 100644 index 0000000..e165332 --- /dev/null +++ b/doc/announce-2.1.txt 
@@ -0,0 +1,261 @@ +Hello! + +The GnuPG Project is pleased to announce the availability of a +new release: Version 2.1.0. + +The GNU Privacy Guard (GnuPG) is a complete and free implementation of +the OpenPGP standard as defined by RFC-4880 and better known as PGP. + +GnuPG, also known as GPG, allows to encrypt and sign data and +communication, features a versatile key management system as well as +access modules for public key directories. GnuPG itself is a command +line tool with features for easy integration with other applications. +A wealth of frontend applications and libraries making use of GnuPG +are available. Since version 2 GnuPG provides support for S/MIME and +Secure Shell in addition to OpenPGP. + +GnuPG is Free Software (meaning that it respects your freedom). It can +be freely used, modified and distributed under the terms of the GNU +General Public License. + +Three different versions of GnuPG are actively maintained: + +- GnuPG "modern" (2.1) is the latest development with a lot of new + features. This announcement is about the first release of this + version. + +- GnuPG "stable" (2.0) is the current stable version for general use. + This is what most users are currently using. + +- GnuPG "classic" (1.4) is the old standalone version which is most + suitable for older or embedded platforms. + +You may not install "modern" (2.1) and "stable" (2.0) at the same +time. However, it is possible to install "classic" (1.4) along with +any of the other versions. + + +What's New in GnuPG-2.1 +======================= + + - The file "secring.gpg" is not anymore used to store the secret + keys. Merging of secret keys is now supported. + + - All support for PGP-2 keys has been removed for security reasons. + + - The standard key generation interface is now much leaner. This + will help a new user to quickly generate a suitable key. + + - Support for Elliptic Curve Cryptography (ECC) is now available. 
+ + - Commands to create and sign keys from the command line without any + extra prompts are now available. + + - The Pinentry may now show the new passphrase entry and the + passphrase confirmation entry in one dialog. + + - There is no more need to manually start the gpg-agent. It is now + started by any part of GnuPG as needed. + + - Problems with importing keys with the same long key id have been + addressed. + + - The Dirmngr is now part of GnuPG proper and also takes care of + accessing keyserver. + + - Keyserver pools are now handled in a smarter way. + + - A new format for locally storing the public keys is now used. + This considerable speeds up operations on large keyrings. + + - Revocation certificates are now created by default. + + - Card support has been updated, new readers and token types are + supported. + + - The format of the key listing has been changed to better identify + the properties of a key. + + - The gpg-agent may now be used on Windows as a Pageant replacement + for Putty in the same way it is used for years on Unix as + ssh-agent replacement. + + - Creation of X.509 certificates has been improved. It is now also + possible to export them directly in PKCS#8 and PEM format for use + on TLS servers. + +A detailed description of the changes can be found at +https://gnupg.org/faq/whats-new-in-2.1.html . + + +Getting the Software +==================== + +Please follow the instructions found at https://gnupg.org/download/ or +read on: + +GnuPG 2.1.0 may be downloaded from one of the GnuPG mirror sites or +direct from its primary FTP server. The list of mirrors can be found +at https://gnupg.org/mirrors.html . Note that GnuPG is not available +at ftp.gnu.org. + +On ftp.gnupg.org you find these files: + + ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.0.tar.bz2 (3039k) + ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.0.tar.bz2.sig + +This is the GnuPG 2.1 source code compressed using BZIP2 and its +OpenPGP signature. 
+ + ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.0_20141105.exe (6225k) + ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.0_20141105.exe.sig + +This is an experimental installer for Windows including GPA as +graphical key manager and GpgEX as an Explorer extension. Please +de-install an already installed Gpg4win version before trying this +installer. This binary version has not been tested very well, thus it +is likely that you will run into problems. The complete source code +for the software included in this installer is in the same directory; +use the suffix ".tar.xz" instead of ".exe". + +Although several beta versions have been released over the course of +the last years, no extensive public field test has been done. Thus it +is likely that bugs will show up. Please check the mailing list +archives and the new wiki https://wiki.gnupg.org for latest +information on known problems and workaround. + + +Checking the Integrity +====================== + +In order to check that the version of GnuPG which you are going to +install is an original and unmodified one, you can do it in one of +the following ways: + + * If you already have a version of GnuPG installed, you can simply + verify the supplied signature. For example to verify the signature + of the file gnupg-2.1.0.tar.bz2 you would use this command: + + gpg --verify gnupg-2.1.0.tar.bz2.sig + + This checks whether the signature file matches the source file. + You should see a message indicating that the signature is good and + made by one or more of the release signing keys. Make sure that + this is a valid key, either by matching the shown fingerprint + against a trustworthy list of valid release signing keys or by + checking that the key has been signed by trustworthy other keys. + See below for information on the signing keys. + + * If you are not able to use an existing version of GnuPG, you have + to verify the SHA-1 checksum. On Unix systems the command to do + this is either "sha1sum" or "shasum". 
Assuming you downloaded the + file gnupg-2.1.0.tar.bz2, you would run the command like this: + + sha1sum gnupg-2.1.0.tar.bz2 + + and check that the output matches the first line from the + following list: + +2fcd0ca6889ef6cb59e3275e8411f8b7778c2f33 gnupg-2.1.0.tar.bz2 +9907cb6509a0e63331b27a92e25c1ef956caaf3b gnupg-w32-2.1.0_20141105.exe +28dc1365292c61fbb2bbae730d4158f425463c91 gnupg-w32-2.1.0_20141105.tar.xz + + +Release Signing Keys +==================== + +To guarantee that a downloaded GnuPG version has not been tampered by +malicious entities we provide signature files for all tarballs and +binary versions. The keys are also signed by the long term keys of +their respective owners. Current releases are signed by one or more +of these four keys: + + 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] + Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 + Werner Koch (dist sig) + + rsa2048/E0856959 2014-10-29 [expires: 2019-12-31] + Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959 + David Shaw (GnuPG Release Signing Key) + + rsa2048/33BD3F06 2014-10-29 [expires: 2016-10-28] + Key fingerprint = 031E C253 6E58 0D8E A286 A9F2 2071 B08A 33BD 3F06 + NIIBE Yutaka (GnuPG Release Key) + + rsa2048/7EFD60D9 2014-10-19 [expires: 2020-12-31] + Key fingerprint = D238 EA65 D64C 67ED 4C30 73F2 8A86 1B1C 7EFD 60D9 + Werner Koch (Release Signing Key) + +You may retrieve these files from the keyservers using this command + + gpg --recv-keys 249B39D24F25E3B6 04376F3EE0856959 \ + 2071B08A33BD3F06 8A861B1C7EFD60D9 + +The keys are also available at https://gnupg.org/signature_key.html +and in the released GnuPG tarball in the file g10/distsigkey.gpg . +Note that this mail has been signed using my standard PGP key. + + +Internationalization +==================== + +This new branch of GnuPG has support for 4 languages: French, German, +Japanese, and Ukrainian. More translations can be expected with the +next point releases. 
+ + +Documentation +============= + +If you used GnuPG in the past you should read the description of +changes and new features at doc/whats-new-in-2.1.txt or online at + + https://gnupg.org/faq/whats-new-in-2.1.html + +The file gnupg.info has the complete user manual of the system. +Separate man pages are included as well but they have not all the +details available in the manual. It is also possible to read the +complete manual online in HTML format at + + https://gnupg.org/documentation/manuals/gnupg/ + +or in Portable Document Format at + + https://gnupg.org/documentation/manuals/gnupg.pdf . + +The chapters on gpg-agent, gpg and gpgsm include information on how +to set up the whole thing. You may also want search the GnuPG mailing +list archives or ask on the gnupg-users mailing lists for advise on +how to solve problems. Many of the new features are around for +several years and thus enough public knowledge is already available. + + +Support +======== + +Please consult the archive of the gnupg-users mailing list before +reporting a bug . +We suggest to send bug reports for a new release to this list in favor +of filing a bug at . For commercial support +requests we keep a list of known service companies at: + + https://gnupg.org/service.html + +The driving force behind the development of GnuPG is the company of +its principal author, Werner Koch. Maintenance and improvement of +GnuPG and related software takes up most of their resources. To allow +him to continue this work he kindly asks to either purchase a support +contract, engage g10 Code for custom enhancements, or to donate money: + + https://gnupg.org/donate/ + + +Thanks +====== + +We have to thank all the people who helped with this release, be it +testing, coding, translating, suggesting, auditing, administering the +servers, spreading the word, and answering questions on the mailing +lists. A final big Thank You goes to Hal Finney, who too early passed +away this year. 
Hal worked on PGP and helped to make OpenPGP a great +standard; it has been a pleasure having worked with him. ----------------------------------------------------------------------- Summary of changes: doc/announce-2.1.txt | 261 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 261 insertions(+) create mode 100644 doc/announce-2.1.txt hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 6 11:31:18 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 06 Nov 2014 11:31:18 +0100 Subject: [git] gnupg-doc - branch, master, updated. 8def37abf07d60384864377829a42e3849578623 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 8def37abf07d60384864377829a42e3849578623 (commit) via 8bb197809ffedf711ac08332071e9fb39d1ddbbb (commit) via eacffee435910dc5c2199f25a5de8bcee2d09467 (commit) via 89f1a299bb6f4e0f3ef9e513aca88e67aa6b8655 (commit) from da2e0aee2b18f23e154319cbfd7e8ad404cfb2ad (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8def37abf07d60384864377829a42e3849578623 Author: Werner Koch Date: Thu Nov 6 00:05:47 2014 +0100 web: Release of GnuPG 2.1.0 diff --git a/web/documentation/manuals.org b/web/documentation/manuals.org index d94b393..c324329 100644 --- a/web/documentation/manuals.org +++ b/web/documentation/manuals.org 
@@ -7,9 +7,10 @@ This is a list of online available manuals. Those marked as "draft" may document features not yet available in the released software version. - - GnuPG (2.0) manual : [[file:manuals/gnupg/][HTML]], [[file:manuals/gnupg.pdf][PDF]], [[file:manuals/gnupg-devel/][HTML (draft)]]. - - Dirmngr manual : [[file:manuals/dirmngr/][HTML]], [[file:manuals/dirmngr.pdf][PDF]]. + - GnuPG (2.1) manual : [[file:manuals/gnupg/][HTML]], [[file:manuals/gnupg.pdf][PDF]] +# , [[file:manuals/gnupg-devel/][HTML (draft)]]. - Libgcrypt manual : [[file:manuals/gcrypt/][HTML]], [[file:manuals/gcrypt.pdf][PDF]], [[file:manuals/gcrypt-devel/][HTML (draft)]]. - Libksba manual : [[file:manuals/ksba/][HTML]], [[file:manuals/ksba.pdf][PDF]]. - Libassuan manual : [[file:manuals/assuan/][HTML]], [[file:manuals/assuan.pdf][PDF]]. - GPGME manual : [[file:manuals/gpgme/][HTML]], [[file:manuals/gpgme.pdf][PDF]]. + - Dirmngr manual : [[file:manuals/dirmngr/][HTML]], [[file:manuals/dirmngr.pdf][PDF]] (for GnuPG 2.0). diff --git a/web/download/index.org b/web/download/index.org index a9dfbc5..ede8133 100644 --- a/web/download/index.org +++ b/web/download/index.org @@ -1,6 +1,7 @@ #+TITLE: GnuPG - Download #+STARTUP: showall align #+SETUPFILE: "../share/setup.inc" +#+OPTIONS: ^:{} #+macro: check_sig_note GnuPG distributions are signed. It is wise and more secure to check out for their [[integrity_check.org][@@html:@@integrity@@html:@@]]. #+macro: ftpopen @@html:download@@ 
@@ -43,7 +44,7 @@ |---------------+------------------------+-------------------------+----------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------| | | | | | | | GnuPG stable | {{{gnupg_ver}}} | {{{gnupg_size}}} | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | GnuPG modern | {{{gnupg21_ver}}} | | --- | | + | GnuPG modern | {{{gnupg21_ver}}} | {{{gnupg21_size}}} | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2.sig{{{ftpclose}}} | | GnuPG classic | {{{gnupg1_ver}}} | {{{gnupg1_size}}} | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2.sig{{{ftpclose}}} | |---------------+------------------------+-------------------------+----------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------| | [[../related_software/libgpg-error/index.org][Libgpg-error]] | {{{libgpg_error_ver}}} | {{{libgpg_error_size}}} | {{{ftpopen}}}{{{ftp_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2.sig{{{ftpclose}}} | 
@@ -100,13 +101,13 @@ |---------+--------------------+---------------------------------------------| | | <18> | | | Windows | [[http://gpg4win.org/download.html][Gpg4win]] | Installers for /GnuPG stable/ | - | | --- | Simple installer for /GnuPG modern/ | + | | {{{ftpopen}}}{{{ftp_base}}}/binary/gnupg-w32-{{{gnupg21_w32_ver}}}.exe{{{ftpclose}}} {{{ftpopen}}}{{{ftp_base}}}/binary/gnupg-w32-{{{gnupg21_w32_ver}}}.exe.sig{{{ftpcloseS}}} | Simple installer for /GnuPG modern/ | | | {{{ftpopen}}}{{{ftp_base}}}/binary/gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe{{{ftpclose}}} {{{ftpopen}}}{{{ftp_base}}}/binary/gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe.sig{{{ftpcloseS}}} | Simple installer for /GnuPG classic/ | | OS X | [[http://gpgtools.org][Mac GPG]] | Installer from the gpgtools project | | Debian | [[https://www.debian.org][Debian site]] | GnuPG stable and classic are part of Debian | | RPM | [[http://rpmfind.net/][rpmfind]] | RPM packages for different OS | | Android | [[https://guardianproject.info/code/gnupg/][Guardian project]] | Provides a GnuPG 2.1 framework | - | VMS | [[http://www.antinode.info/dec/sw/gnupg.html][antinode.info]] | A port of GnupG to OpenVMS | + | VMS | [[http://www.antinode.info/dec/sw/gnupg.html][antinode.info]] | A port of GnuPG to OpenVMS | | RISC OS | [[http://www.sbellon.de/gnupg.html][home page]] | Sources and binaries for RISC OS | |---------+--------------------+---------------------------------------------| diff --git a/web/download/integrity_check.org b/web/download/integrity_check.org index 8bff4ed..7d70c7c 100644 --- a/web/download/integrity_check.org +++ b/web/download/integrity_check.org @@ -1,6 +1,7 @@ #+TITLE: GnuPG - Integrity Check #+STARTUP: showall #+SETUPFILE: "../share/setup.inc" +#+OPTIONS: ^:{} * Integrity Check #+index: integrity check 
@@ -56,9 +57,10 @@ For your convenience, all SHA-1 check-sums available for software that can be downloaded from [[ftp://ftp.gnupg.org/][our site]], have been gathered below. -# {{{gnupg21_sha1}}} gnupg-{{{gnupg21_ver}}}.tar.bz2 {{{begin_chksum}}} {{{gnupg_sha1}}} gnupg-{{{gnupg_ver}}}.tar.bz2 + {{{gnupg21_sha1}}} gnupg-{{{gnupg21_ver}}}.tar.bz2 + {{{gnupg21_w32_sha1}}} gnupg-w32-{{{gnupg21_w32_ver}}}.exe {{{gnupg1_sha1}}} gnupg-{{{gnupg1_ver}}}.tar.bz2 {{{gnupg1_sha1_gz}}} gnupg-{{{gnupg1_ver}}}.tar.gz {{{gnupg1_patch_sha1}}} gnupg-{{{gnupg1_patch_ver}}}.diff.bz2 diff --git a/web/index.org b/web/index.org index 5027f49..701dc84 100644 --- a/web/index.org +++ b/web/index.org @@ -52,6 +52,13 @@ all [[file:news.org][news of previous years]] is also available. # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** GnuPG 2.1.0 with ECC support released (2014-11-06) + +This is the first released of the new /modern/ branch of GnuPG. It +features a lot of new things including support for ECC. Read more at +the [[file:faq/whats-new-in-2.1.org][feature overview]] page and in the [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000358.html][announcement]] mail. + + ** A beta for GnuPG 2.1.0 released (2014-10-03) A beta release for the forthcoming GnuPG 2.1 version is now diff --git a/web/swdb.mac b/web/swdb.mac index 5911436..1279c6d 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -19,6 +19,12 @@ # #+macro: gnupg21_ver 2.1.0 #+macro: gnupg21_branch master +#+macro: gnupg21_size 3039k +#+macro: gnupg21_sha1 2fcd0ca6889ef6cb59e3275e8411f8b7778c2f33 +# +#+macro: gnupg21_w32_ver 2.1.0_20141105 +#+macro: gnupg21_w32_size 6225k +#+macro: gnupg21_w32_sha1 9907cb6509a0e63331b27a92e25c1ef956caaf3b # 
@@ -115,8 +121,8 @@ # # GpgEX # -#+macro: gpgex_ver 1.0.1 -#+macro: gpgex_sha1 eb54767fd8e3728e8d14c7c158e0841b67c714a6 +#+macro: gpgex_ver 1.0.2 +#+macro: gpgex_sha1 8892dafc405255731b82a0c299960a5da59d3191 # commit 8bb197809ffedf711ac08332071e9fb39d1ddbbb Author: Werner Koch Date: Tue Nov 4 20:54:24 2014 +0100 faq: Finished the "What's new in 2.1" page. diff --git a/web/faq/whats-new-in-2.1.org b/web/faq/whats-new-in-2.1.org index 4fc28bb..ae1633c 100644 --- a/web/faq/whats-new-in-2.1.org +++ b/web/faq/whats-new-in-2.1.org @@ -1,95 +1,697 @@ #+TITLE: GnuPG - What?s new in 2.1 #+STARTUP: showall indent #+SETUPFILE: "share/setup.inc" +#+DATE: 2014-11-04 +#+macro: more @@html: ⇒@@ + +#+BEGIN_ASCII +A possibly revised version of this article can be found at: +https://gnupg.org/faq/whats-new-in-2.1.html +#+END_ASCII * What?s new in GnuPG 2.1 GnuPG version 2.1 comes with a bag of new features which changes some things old-timers are used to. This page explains the more important -ones. It expects that the user is somewhat familiar with GnuPG -version 2.0 and is aware that GnuPG consists of /gpg/, /gpgsm/, and -/gpg-agent/ as its main components. +ones. It expects that the reader is familiar with GnuPG version 2.0 +and aware that GnuPG consists of /gpg/, /gpgsm/, and /gpg-agent/ as +its main components. +#+html:
- The file /secring.gpg/ is not anymore used to store the secret keys. - Merging of secret keys is now supported. + Merging of secret keys is now supported.{{{more(nosecring)}}} -- All support for /PGP-2 keys/ has been removed for security reasons. +- All support for /PGP-2 keys/ has been removed for security + reasons.{{{more(nopgp2)}}} -- Support for /Elliptic Curve Cryptography/ (ECC) is now available +- The standard key generation interface is now much leaner. This will + help a new user to quickly generate a suitable + key.{{{more(leangenkey)}}} -- The standard key generation interface is much leaner now to help the - new user creating a suitable key. +- Support for /Elliptic Curve Cryptography/ (ECC) is now + available.{{{more(ecc)}}} - Commands to create and sign keys from the command line without any - extra prompts are now available. + extra prompts are now available.{{{more(quickgen)}}} -- The Pinentry dialog may now show two fields to enter a new - passphrase and a confirmation of it. +- The Pinentry may now show the new passphrase entry and the + passphrase confirmation entry in one dialog.{{{more(pinentry)}}} - There is no more need to manually start the gpg-agent. It is now - started by any part of GnuPG as needed. + started by any part of GnuPG as needed.{{{more(autostart)}}} - Problems with importing keys with the same long key id have been - addressed. + addressed.{{{more(longkid)}}} - The /dirmngr/ is now part of GnuPG proper and also takes care of - accessing keyserver. + accessing keyserver.{{{more(dirmngr)}}} -- Keyserver pools are now handled in a smarter way. +- Keyserver pools are now handled in a smarter + way.{{{more(keyserver)}}} - A new format for locally storing the public keys is now used. This - considerable speeds up operations on large keyrings. + considerable speeds up operations on large + keyrings.{{{more(keybox)}}} -- /Revocation certificates/ are now created by default. 
+- /Revocation certificates/ are now created by + default.{{{more(autorev)}}} - Card support has been updated, new readers and token types are - supported. + supported.{{{more(scd)}}} - The format of the key listing has been changed to better identify - the properties of a key. + the properties of a key.{{{more(keylist)}}} - The gpg-agent may now be used on Windows as /pageant/ replacement for /putty/ in the same way it is used for years on Unix as - /ssh-agent/ replacement. + /ssh-agent/ replacement.{{{more(pageant)}}} - Creation of X.509 certificates has been improved. It is now also possible to export them directly in PKCS#8 and PEM format for use on - TLS servers. + TLS servers.{{{more(x509)}}} + +- The scripts to create a Windows installer are now part of + GnuPG.{{{more(w32inst)}}} + +#+html:
+ +Now for the detailed description of these new features: + +** Removal of the secret keyring +:PROPERTIES: +:CUSTOM_ID: nosecring +:END: + +gpg used to keep the public key pairs in two files: =pubring.gpg= and +=secring.gpg=. The only difference is that secring stored in addition +to the public part also the private part of the key pair. The secret +keyring thus contained only the keys for which a private key is +available, that is the user?s key. It required a lot of code to keep +both versions of the key in sync and led to sometimes surprising +inconsistencies. + +The design of GnuPG-2 demands that only the gpg-agent has control over +the private parts of the keys and the actual encryption engine (gpg or +gpgsm) does not know about the private key but care only about session +keys and keys for symmetric encryption. This has been implemented +about 10 years ago for /gpgsm/ (the S/MIME part of GnuPG). However, +/gpg/ (the OpenPGP part) used the gpg-agent only as passphrase entry +and cache device but handles the private key itself. + +With GnuPG 2.1 this changed and /gpg/ now also delegates all private +key operations to the gpg-agent. Thus there is no more code in the +/gpg/ binary for handling private keys. En passant this allows the +long time requested ?merging of secret keys? and several other +advanced key management techniques. + +To ease the migration to the no-secring method, /gpg/ detects the +presence of a =secring.gpg= and converts the keys on-the-fly to the +the key store of /gpg-agent/ (this is the =private-keys-v1.d= +directory below the GnuPG home directory (=~/.gnupg=)). This is done +only once and an existing =secring.gpg= is then not anymore touched by +/gpg/. This allows co-existence of older GnuPG versions with GnuPG +2.1. However, any change to the private keys using the new /gpg/ will +not show up when using pre-2.1 versions of GnuPG and vice versa. 
+ +Note that the command =--export-secret-keys= still creates an OpenPGP +compliant file with the secret keys. This is achieved by asking +/gpg-agent/ to convert a key and return it in the OpenPGP protected +format. The export operation requires that the passphrase for the key +is entered so that /gpg-agent/ is able to change the protection from +its internal format to the OpenPGP required format. -- The scripts to create a Windows installer is now part of GnuPG. +** Removal of PGP-2 support +:PROPERTIES: +:CUSTOM_ID: nopgp2 +:END: + +Some algorithms and parts of the protocols as used by the 20 years old +[[https://en.wikipedia.org/wiki/Pretty_Good_Privacy][PGP-2]] software are meanwhile considered unsafe. In particular the +baked in use of the [[https://en.wikipedia.org/wiki/MD5][MD5]] hash algorithm limits the security of PGP-2 +keys to non-acceptable rate. Technically those PGP-2 keys are called +version 3 keys (v3) and are easily identified by a shorter fingerprint +which is commonly presented as 16 separate double hex digits. + +With GnuPG 2.1 all support for those keys has gone. If they are in an +existing keyring they will eventually be removed. If GnuPG encounters +such a key on import it will not be imported due to the not anymore +implemented v3 key format. Removing the v3 key support also reduces +complexity of the code and is thus better than to keep on handling +them with a specific error message. + +There is one use case where PGP-2 keys may still be required: For +existing encrypted data. We suggest to keep a version of GnuPG 1.4 +around which still has support for these keys (it might be required to +use the =--allow-weak-digest-algos= option). A better solution is to +re-encrypt the data using a modern key. -** Removal of the secret keyring. +** Leaner key generation interface +:PROPERTIES: +:CUSTOM_ID: leangenkey +:END: -Explain... 
+This is best shown with an example: -** Removal of PGP-2 support +#+begin_example +$ gpg2 --gen-key +gpg (GnuPG) 2.1.0; Copyright (C) 2014 Free Software Foundation, Inc. +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. -** Support for ECC +gpg: keybox '/home/foo/.gnupg/pubring.kbx' created +Note: Use "gpg --full-gen-key" for a full featured key generation dialog. -** Leaner key generation interface +GnuPG needs to construct a user ID to identify your key. + +Real name: Glenn Greenwald +Email address: glenn at example.org +You selected this USER-ID: + "Glenn Greenwald " + +Change (N)ame, (E)mail, or (O)kay/(Q)uit? o +[...] +pub rsa2048/68FD0088 2014-11-03 + Key fingerprint = 0290 5ABF 17C7 81FB C390 9B00 636A 1BBD 68FD 0088 +uid [ultimate] Glenn Greenwald +sub rsa2048/84439DCD 2014-11-03 +#+end_example + +Thus only the name and the mail address are required. For all other +parameters the default values are used. Many graphical frontends +works in the same way. Note that /gpg/ prints a hint for the old time +gpg users on how to get the full option menu. + +** Support for ECC +:PROPERTIES: +:CUSTOM_ID: ecc +:END: + +GnuPG now support Elliptic Curve keys for public key encryption. This +is defined in [[https://rfc-editor.org/info/rfc6637][RFC-6637]]. Because there is no other mainstream OpenPGP +implementation yet available which supports ECC, the use of such keys +is still very limited. Thus GnuPG 2.1 currently hides the options to +create an ECC key. + +For those who want to experiment with ECC or already want to prepare a +key for future use, the command =--gen-full-key= along with the option +=--expert= is the enabler: + +#+begin_example +$ gpg2 --expert --full-gen-key +gpg (GnuPG) 2.1.0; Copyright (C) 2014 Free Software Foundation, Inc. +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. 
+ +Please select what kind of key you want: + (1) RSA and RSA (default) + (2) DSA and Elgamal + (3) DSA (sign only) + (4) RSA (sign only) + (7) DSA (set your own capabilities) + (8) RSA (set your own capabilities) + (9) ECC and ECC + (10) ECC (sign only) + (11) ECC (set your own capabilities) +Your selection? 9 +Please select which elliptic curve you want: + (2) NIST P-256 + (3) NIST P-384 + (4) NIST P-521 + (5) Brainpool P-256 + (6) Brainpool P-384 + (7) Brainpool P-512 +Your selection? 2 +Please specify how long the key should be valid. + 0 = key does not expire + = key expires in n days + w = key expires in n weeks + m = key expires in n months + y = key expires in n years +Key is valid for? (0) +Key does not expire at all +Is this correct? (y/N) y + +GnuPG needs to construct a user ID to identify your key. + +Real name: Edward Snowden +Email address: edward at example.org +Comment: +You selected this USER-ID: + "Edward Snowden " + +Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o +[...] +pub nistp256/382660E3 2014-11-03 + Key fingerprint = E630 27CF 3D68 22A7 6FF2 093E D179 9E72 3826 60E3 +uid [ultimate] Edward Snowden +sub nistp256/48C9A997 2014-11-03 nistp256 +#+end_example + +In this example we created a primary ECC key for signing and an subkey +for encryption. For both we use the NIST P-256 curve. The key may +now be used in the same way as any other key. It is possible to add +an RSA subkey or one can create an RSA or DSA main key and add an ECC +subkey for signing or encryption. Note that the list of offered +curves depends on the installed Libgcrypt version. + +For many people the NIST and also the Brainpool curves have an +doubtful origin and thus the plan for GnuPG is to use Bernstein?s +[[http://cr.yp.to/ecdh/curve25519-20060209.pdf][Curve 25519]] as default. GnuPG 2.1.0 already comes with support for +signing keys using the [[http://dx.doi.org/10.1007/s13389-012-0027-1][Ed25519]] variant of this curve. 
This has not +yet been standardized by the IETF (i.e. there is no RFC) but we won?t +wait any longer and go ahead using the proposed format for this +signing algorithm. The format for an encryption key has not yet been +finalized and will be added to GnuPG in one of the next point +releases. Recall that an encryption subkey can be added to a key at +any time. If you want to create a signing key you may do it this way: + +#+begin_example +$ gpg2 --expert --full-gen-key +gpg (GnuPG) 2.1.0; Copyright (C) 2014 Free Software Foundation, Inc. +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. + +Please select what kind of key you want: + (1) RSA and RSA (default) + (2) DSA and Elgamal + (3) DSA (sign only) + (4) RSA (sign only) + (7) DSA (set your own capabilities) + (8) RSA (set your own capabilities) + (9) ECC and ECC + (10) ECC (sign only) + (11) ECC (set your own capabilities) +Your selection? 10 +Please select which elliptic curve you want: + (1) Curve 25519 + (2) NIST P-256 + (3) NIST P-384 + (4) NIST P-521 + (5) Brainpool P-256 + (6) Brainpool P-384 + (7) Brainpool P-512 +Your selection? 1 +gpg: WARNING: Curve25519 is not yet part of the OpenPGP standard. +Use this curve anyway? (y/N) y +Please specify how long the key should be valid. + 0 = key does not expire + = key expires in n days + w = key expires in n weeks + m = key expires in n months + y = key expires in n years +Key is valid for? (0) +Key does not expire at all +Is this correct? (y/N) y + +GnuPG needs to construct a user ID to identify your key. + +Real name: Laura Poitras +Email address: laura at example.org +Comment: +You selected this USER-ID: + "Laura Poitras " + +Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o +[...] 
+pub ed25519/5C1AFC2A 2014-11-03 + Key fingerprint = ED85 4D98 5D8F 502F C6C5 FFB2 AA81 319E 5C1A FC2A +uid [ultimate] Laura Poitras +#+end_example + +Support for ECC keys is available only on some keyservers but it is +expected that this will be fixed over the next few months. ** Quick generate and sign commands +:PROPERTIES: +:CUSTOM_ID: quickgen +:END: + +Sometimes it is useful to use only command line options without any +parameter file or interactive prompts for generating a key or to sign a +key. This can now be accomplished with a few new commands: + +#+begin_example +$ gpg2 --batch --quick-gen-key 'Daniel Ellsberg ' +gpg: key 911B90A9 marked as ultimately trusted +#+end_example + +If a key with that user id already exists, gpg bails out with an error +message. You can force creation using the option =--yes=. If you +want some more control, you may not use =--batch= and gpg will ask for +confirmation and show the resulting key: + +#+begin_example +$ gpg2 --quick-gen-key 'Daniel Ellsberg ' +About to create a key for: + "Daniel Ellsberg " + +Continue? (Y/n) y +gpg: A key for "Daniel Ellsberg " already exists +Create anyway? (y/N) y +gpg: creating anyway +[...] +pub rsa2048/BD19AC1C 2014-11-04 + Key fingerprint = 15CB 723E 2000 A1A8 2505 F3B7 CC00 B501 BD19 AC1C +uid [ultimate] Daniel Ellsberg +sub rsa2048/72A4D018 2014-11-04 +#+end_example + +Another common operation is to sign a key. /gpg/ can do this directly +from the command line by giving the fingerprint of the to-be-signed +key: + +#+begin_example +$ gpg2 --quick-sign-key '15CB 723E 2000 A1A8 2505 F3B7 CC00 B501 BD19 AC1C' + +pub rsa2048/BD19AC1C + created: 2014-11-04 expires: never usage: SC + trust: ultimate validity: ultimate + Primary key fingerprint: 15CB 723E 2000 A1A8 2505 F3B7 CC00 B501 BD19 AC1C + + Daniel Ellsberg + +#+end_example + +In case the key has already been signed, the command prints a note and +exits with success. 
In case you want to check that it really worked, +use ==--check-sigs= as usual: + +#+begin_example +$ gpg2 --check-sigs '15CB 723E 2000 A1A8 2505 F3B7 CC00 B501 BD19 AC1C' +gpg: checking the trustdb +gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model +gpg: depth: 0 valid: 6 signed: 1 trust: 0-, 0q, 0n, 0m, 0f, 6u +pub rsa2048/BD19AC1C 2014-11-04 +uid [ full ] Daniel Ellsberg +sig!3 BD19AC1C 2014-11-04 Daniel Ellsberg +sig! 68FD0088 2014-11-04 Glenn Greenwald +sub rsa2048/72A4D018 2014-11-04 +sig! BD19AC1C 2014-11-04 Daniel Ellsberg +#+end_example + + +The fingerprint may also be given without the spaces in which case +there is no need for the quotes. If you want to sign only certain +user ids of a key, list those user id verbatim after the fingerprint. +To create a non-exportable key signature, use the command +=--quick-lsign-key= instead. ** Improved Pinentry support +:PROPERTIES: +:CUSTOM_ID: pinentry +:END: + +When using a recent Pinentry module (0.90, GTK+ variant), the +gpg-agent will not anymore show two separate Pinentry dialogs to enter +a new passphrase and later to confirm the new passphrase. Instead the +first dialog also has the confirm/repeat entry and internally checks +whether they match. + +With any Pinentry version the several separate dialogs to inform and +ask for confirmation about questionable properties of a new passphrase +(e.g. length, only alpha letters) have been combined into one dialog +to show all non-asserted constraints at once. + +The GTK+ Pinentry does now allow pasting of values into the entries. +Copying them from the entries is still inhibited on purpose. +Depending on the system, the option =no-grab= may be required for in +the =gpg-agent.conf= file to actually make use of the paste feature. ** Auto-start of the gpg-agent +:PROPERTIES: +:CUSTOM_ID: autostart +:END: + +The /gpg-agent/ is the central part of the GnuPG system. 
It takes +care of all private (secret) keys and if required diverts operations +to a smartcard or other token. It also provides support for the +Secure Shell by implementing the ssh-agent protocol. + +The classic way to run /gpg-agent/ on Unix systems is by launching it +at login time and use an environment variable (=GPG_AGENT_INFO=) to +tell the other GnuPG modules how to connect to the agent. However, +correctly managing the start up and this environment variable is +cumbersome so that that an easier method is required. Since GnuPG +2.0.16 the =--use-standard-socket= option already allowed to start the +agent on the fly; however the environment variable was still required. + +With GnuPG 2.1 the need of =GPG_AGENT_INFO= has been completely +removed and the variable is ignored. Instead a fixed Unix domain +socket named =S.gpg-agent= in the GnuPG home directory (by default +=~/.gnupg=) is used. The agent is also started on demand by all tools +requiring services from the agent. + +If the option =--enable-ssh-support= is used the auto-start mechanism +does not work because /ssh/ does not know about this mechanism. +Instead it is required that the environment variable =SSH_AUTH_SOCK= +is set to the =S.gpg-agent.ssh= socket in the GnuPG home directory. +Further /gpg-agent/ must be started: Either by using a GnuPG command +which implicitly starts /gpg-agent/ or by using =gpgconf --launch +gpg-agent= to explicitly start it if not yet done. ** Duplicate long key id fixes +:PROPERTIES: +:CUSTOM_ID: longkid +:END: + +A deficit of the OpenPGP protocol is that signatures carry only a +limited indication on which public has been used to create a +signature. Thus a verification engine may only use this ?long key id? +to look up the the key in its own store or from a public keyserver. +Unfortunately it has now become possible to create a key with a long +key id matching the key id of another key. 
Importing a key with a +long key id already used by another key in gpg?s local key store was +not possible due to checks done on import. Now, if the ?wrong? key +has been imported first /gpg/ would not allow to later import the +second ?correct? key. This problem has been fixed in 2.1 by allowing +the import and by doing trial verification against all matching keys. ** Enhanced Dirmngr +:PROPERTIES: +:CUSTOM_ID: dirmngr +:END: + +Before version 2.1, /gpg/ used so-called keyserver helpers to access +the OpenPGP keyservers. A problem with that is that they are short +living processes which are not able to keep a state. With 2.1, the +formerly separate package Dirmngr (which was separate due to copyright +assignment reasons) has been integrated into GnuPG. + +In the past /dirmngr/ was only used by /gpgsm/ for X.509 (S/MIME) CRL +and OCSP handling. Being a proper part of GnuPG /dirmngr/ does now +also care about accessing OpenPGP keyservers. This make its easier to +debug problems with the keyservers and to exchange additional +information about the keyserver between /gpg/ and /dirmngr/. It will +eventually also be possible to run background tasks to refresh keys. + +Although the ability to start /dirmngr/ as a system service is still +available, this is not anymore recommended and instead /dirmngr/ is +now by default started on-demand, very similar to /gpg-agent/. ** Better keyserver pool support +:PROPERTIES: +:CUSTOM_ID: keyserver +:END: + +For load balancing reasons, keyservers are organized in pools to +enable instant round-robin DNS assignment of random keyservers. A +problem with that approach is that the DNS resolver is not aware of +the state of the keyserver. If a keyserver has gone down or a routing +problems occurs, /gpg/ and its keyserver helpers were not ware of it +and would try over and over to use the same, dead, keyserver up until +the DNS information expires and a the DNS resolver assigned a new +server from the pool. 
+ +The new /dirmngr/ in GnuPG does not use the implicit round-robin of +the DNS resolver but uses its own DNS look up and keeps an internal +table of all hosts from the pool along with the encountered aliveness +state. Thus after a failure (timeout) of a request, /dirmngr/ flags a +host as dead and randomly selects another one from the pool. After a +few hours the flag is removed so that the host will be tried again. +It is also possible to mark a specif host from a pool explicitly as +dead so that it won?t be used in future. To interact with the +/dirmngr/ the =gpg-connect-agent= tool is used: + +#+begin_example +$ gpg-connect-agent --dirmngr 'help keyserver' /bye +$ gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye +#+end_example + +The first command prints a help screen for the keyserver command and +the second command prints the current host table. ** Faster keyring format +:PROPERTIES: +:CUSTOM_ID: keybox +:END: + +The format GnuPG has always used for the public keyring is actually a +slightly extended version of the on-the-wire format for OpenPGP key +exchange. This format is quite inflexible to work with when random +access to keys in the keyring is required. In fact /gpg/ always +parsed all keys in the keyring until it encountered the desired one. +With a large keyring (more than a few thousand keys) this could be +quite slow. + +From its very beginning /gpgsm/ has used a different format to store +public keys (certificates) which we call a /keybox/. That file format +carries meta information about the stored keys and thus allows +searching without actually parsing the key and computing fingerprints +and such. The /keybox/ format has been designed protocol independent +and with 2.1 support for OpenPGP keys has been added. Random access +to the keys is now really fast and keyrings with 30000 keys and more +are now easily possible. 
That change also enables us to easily +introduce other storage methods + +If no =pubring.gpg= is found, /gpg/ defaults to the new /keybox/ +format and creates a =pubring.kbx= keybox file. If such a keybox file +already exists, for example due to the use of /gpgsm/, it will also be +used for OpenPGP keys. However, if a =pubring.gpg= is found and no +keybox file with OpenPGP keys exists, the old =pubring.gpg= will be +used. Take care: GnuPG versions before 2.1 will always use the +=pubring.gpg= file and not know anything about keys stored in the +keybox file. + +To convert an existing =pubring.gpg= file to the keybox format, you +first rename the file to (for example) =publickeys= so it won?t be +recognized by any GnuPG version and then you run the command + +#+begin_example +$ gpg2 --import publickeys +#+end_example + +You may then rename the =publickeys= file back so that it can be used +by older GnuPG versions. Remember that in this case you have two +independent copies of the public keys. -** Auto-generated revocation certificates -** Imporved card support +** Auto-generated revocation certificates +:PROPERTIES: +:CUSTOM_ID: autorev +:END: + +This version creates an ASCII armored revocation certificate for each +generated keypair and stores that certificate in a file named after +the fingerprint of the key in the =openpgp-revocs.d= directory below +the GnuPG home directory. Brief instructions on how to use this +revocation certificate are put at the top of the file. + +** Improved card support +:PROPERTIES: +:CUSTOM_ID: scd +:END: + +The /scdaemon/, which is responsible for accessing smardcards and +other tokens, has received may updates. In particular plugable USB +readers with a fixed card now work smoothless and similar to standard +readers. The latest features of the /gnuk/ token are supported. Code +for the HSM smartcard has been added. More card readers with a PIN +pad are supported. 
The internal CCID driver does now also work with +certain non-auto configuration equipped readers. ** New format for key listings +:PROPERTIES: +:CUSTOM_ID: keylist +:END: + +Due to the introduction of ECC keys the old format to list keys was +not anymore suitable. In particular, the length of an ECC key is +defined but its expressiveness is limited without the other parameters +of the curve. The common way to describe an ECC key is by using the +assigned name of its curve. To allow for a common description +we now either use the algorithm name with appended key length or use +the name of the curve: + +#+begin_example +pub 2048D/1E42B367 2007-12-31 [expires: 2018-12-31] +pub dsa2048/1E42B367 2007-12-31 [expires: 2018-12-31] +pub ed25519/0AA914C9 2014-10-18 +#+end_example + +The first two lines show the same key in the old format and in the new +format. The third line shows an example of an ECC key using the +ed25519 curve. + +As a further change the validity of a key is now shown by default; +that is =show-uid-validity= is implicitly used for the +=--list-options=. + +The annotated key listing produced by the =--with-colons= options did +not change. However a couple of new fields have been added, for +example if the new option =--with-secret-= is used the ?S/N of a token +field? indicates the presence of a secret key even in a public key +listing. This option is supported by recent [[https://gnupg.org/related_software/gpgme/][GPGME]] versions and makes +writing of key manager software easier. ** Support for Putty +:PROPERTIES: +:CUSTOM_ID: pageant +:END: -** Improved X.509 certificate creation +On Windows the new option =--enable-putty-support= allows gpg-agent to +act as a replacement for [[http://www.chiark.greenend.org.uk/~sgtatham/putty/][Putty]]?s authentication agent /Pageant/. It +is the Windows counterpart for the =--enable-ssh-support= option as +used on Unix. 
-** Included code for a Windows installer +** Improved X.509 certificate creation +:PROPERTIES: +:CUSTOM_ID: x509 +:END: + +In addition to an improved certificate signing request menu, it is now +possible to create a self-signed certificate using the interactive +menu of /gpgsm/. + +In batch mode the certificate creation dialog can now be controlled by +a parameter file with several new keywords. Such a parameter file +allows the creation of arbitrary X.509 certificates similar to what +can be done with /openssl/. It may this be used as the base for a CA +software. For details see the ?CSR and certificate creation? section +in the manual. + +The new commands =--export-secret-key-p8= and --export-secret-key-raw= +may be used to export a secret key directly in PKCS#8 or PKCS#1 +format. Thus X.509 certificates for TLS use may be managed by /gpgsm/ +and directly exported in a format suitable for OpenSSL based servers. + +** Scripts to create a Windows installer +:PROPERTIES: +:CUSTOM_ID: w32inst +:END: + +GnuPG now comes with the /speedo/ build system which may be used to +quickly download and build GnuPG and all its direct dependencies on a +decent Unix system. See the README file for more instructions. + +The very same script may also be used to build a complete NSIS based +installer for Windows using the mingw-w64 cross-compiler toolchain. +That installer will feature GnuPG proper, GPA as graphical frontend, +and GpgEX as a Windows Explorer extension. GnuPG needs to be unpacked +and from the top source directory you run this command + +#+begin_example +make -f build-aux/speedo.mk w32-installer +#+end_example + +This command downloads all direct dependencies, checks the signatures +using the GnuPG version from the build system (all Linux distros +feature a suitable GnuPG tool), builds everything from source, and uses +NSIS to create the installer. Although this sounds easy, some +experience in setting up a development machine is still required. 
+Some versions of the toolchain exhibit bugs and thus your mileage may +vary. Support for keyserver access over TLS is currently not +available but will be added with one of the next point releases. + + + +#+BEGIN_ASCII +# Copyright 2014 The GnuPG Project. +# This work is licensed under the Creative Commons +# Attribution-ShareAlike 4.0 International License. To view a copy of +# this license, visit http://creativecommons.org/licenses/by-sa/4.0/ +# or send a letter to Creative Commons, PO Box 1866, Mountain View, CA +# 94042, USA. +# +# The canonical source for this article can be found in the gnupg-doc +# git repository as web/faq/whats-new-in-2.1.org. +#+END_ASCII diff --git a/web/share/site.css b/web/share/site.css index 4e056c6..382ffcb 100644 --- a/web/share/site.css +++ b/web/share/site.css @@ -387,6 +387,17 @@ div.outline-text-3 { } */ +.morelink { + font-size: smaller; + font-variant: normal; + font-weight: normal; + text-decoration: none; +} + +.morelink:after { + content: "{more}"; +} + #cpyright { padding-top: 4em; commit eacffee435910dc5c2199f25a5de8bcee2d09467 Author: Werner Koch Date: Tue Nov 4 20:53:02 2014 +0100 web: Add pointer to an Android version to the download page. Also remove the dead link to Unix Security software. diff --git a/web/download/index.org b/web/download/index.org index c07d7b9..a9dfbc5 100644 --- a/web/download/index.org +++ b/web/download/index.org 
@@ -96,19 +96,19 @@ also that some of them apply security patches on top of the standard versions but keep the original version number. - | OS | Where | Description | - |---------+-----------------+---------------------------------------------| - | | <15> | | - | Windows | [[http://gpg4win.org/download.html][Gpg4win]] | Installers for /GnuPG stable/ | - | | --- | Simple installer for /GnuPG modern/ | + | OS | Where | Description | + |---------+--------------------+---------------------------------------------| + | | <18> | | + | Windows | [[http://gpg4win.org/download.html][Gpg4win]] | Installers for /GnuPG stable/ | + | | --- | Simple installer for /GnuPG modern/ | | | {{{ftpopen}}}{{{ftp_base}}}/binary/gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe{{{ftpclose}}} {{{ftpopen}}}{{{ftp_base}}}/binary/gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe.sig{{{ftpcloseS}}} | Simple installer for /GnuPG classic/ | - | OS X | [[http://gpgtools.org][Mac GPG]] | Installer from the gpgtools project | - | Debian | [[https://www.debian.org][Debian site]] | GnuPG stable and classic are part of Debian | - | RPM | [[http://rpmfind.net/][rpmfind]] | RPM packages for different OS | - | Unix | [[http://gnupg.unixsecurity.com.br][Unix Security]] | Packages for some other POSIX systems | - | VMS | [[http://www.antinode.info/dec/sw/gnupg.html][antinode.info]] | A port of GnupG to OpenVMS | - | RISC OS | [[http://www.sbellon.de/gnupg.html][home page]] | Sources and binaries for RISC OS | - |---------+-----------------+---------------------------------------------| + | OS X | [[http://gpgtools.org][Mac GPG]] | Installer from the gpgtools project | + | Debian | [[https://www.debian.org][Debian site]] | GnuPG stable and classic are part of Debian | + | RPM | [[http://rpmfind.net/][rpmfind]] | RPM packages for different OS | + | Android | [[https://guardianproject.info/code/gnupg/][Guardian project]] | Provides a GnuPG 2.1 framework | + | VMS | [[http://www.antinode.info/dec/sw/gnupg.html][antinode.info]] | 
A port of GnupG to OpenVMS | + | RISC OS | [[http://www.sbellon.de/gnupg.html][home page]] | Sources and binaries for RISC OS | + |---------+--------------------+---------------------------------------------| # eof # commit 89f1a299bb6f4e0f3ef9e513aca88e67aa6b8655 Author: Werner Koch Date: Mon Nov 3 17:01:10 2014 +0100 web: Use standard colors for the links for easier reading. diff --git a/web/share/site.css b/web/share/site.css index c856a6b..4e056c6 100644 --- a/web/share/site.css +++ b/web/share/site.css @@ -52,7 +52,7 @@ h3:first-letter { */ a:link { - color: #784c6c; +/* color: #784c6c;*/ font-weight: bold; text-decoration: none; } @@ -64,7 +64,7 @@ a:hover { } a:visited { - color: #5c6064; +/* color: #5c6064; */ font-weight: bold; text-decoration: none; } ----------------------------------------------------------------------- Summary of changes: web/documentation/manuals.org | 5 +- web/download/index.org | 27 +- web/download/integrity_check.org | 4 +- web/faq/whats-new-in-2.1.org | 664 ++++++++++++++++++++++++++++++++++++-- web/index.org | 7 + web/share/site.css | 15 +- web/swdb.mac | 10 +- 7 files changed, 681 insertions(+), 51 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 6 14:59:56 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 06 Nov 2014 14:59:56 +0100 Subject: [git] gnupg-doc - branch, master, updated. 0968808af5bf30458796921ad32e3c0abaa354f5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 0968808af5bf30458796921ad32e3c0abaa354f5 (commit) from 8def37abf07d60384864377829a42e3849578623 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0968808af5bf30458796921ad32e3c0abaa354f5 Author: Werner Koch Date: Thu Nov 6 15:00:21 2014 +0100 faq: Typo fix and link to the wiki. diff --git a/web/faq/whats-new-in-2.1.org b/web/faq/whats-new-in-2.1.org index ae1633c..e5e6f71 100644 --- a/web/faq/whats-new-in-2.1.org +++ b/web/faq/whats-new-in-2.1.org @@ -582,10 +582,10 @@ revocation certificate are put at the top of the file. :END: The /scdaemon/, which is responsible for accessing smardcards and -other tokens, has received may updates. In particular plugable USB +other tokens, has received many updates. In particular plugable USB readers with a fixed card now work smoothless and similar to standard -readers. The latest features of the /gnuk/ token are supported. Code -for the HSM smartcard has been added. More card readers with a PIN +readers. The latest features of the [[http://www.fsij.org/doc-gnuk/][gnuk]] token are supported. Code +for the SmartCard-HSM has been added. More card readers with a PIN pad are supported. The internal CCID driver does now also work with certain non-auto configuration equipped readers. 
@@ -679,8 +679,10 @@ feature a suitable GnuPG tool), builds everything from source, and uses NSIS to create the installer. Although this sounds easy, some experience in setting up a development machine is still required. Some versions of the toolchain exhibit bugs and thus your mileage may -vary. Support for keyserver access over TLS is currently not -available but will be added with one of the next point releases. +vary. See the [[https://wiki.gnupg.org/Build2.1_Windows][Wiki]] for more info. + +Support for keyserver access over TLS is currently not available but +will be added with one of the next point releases. ----------------------------------------------------------------------- Summary of changes: web/faq/whats-new-in-2.1.org | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 6 15:59:11 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 06 Nov 2014 15:59:11 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.1-12-g8031341 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 8031341283f4fcb1f226aa6f66bc5a6042586815 (commit) from 4027a0a89724df3aeef8a964c529548d724b6a5a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8031341283f4fcb1f226aa6f66bc5a6042586815 Author: Werner Koch Date: Thu Nov 6 15:59:06 2014 +0100 Improve the debug output a bit. * src/debug.h (TRACE_ERR): Include the line number in the output. diff --git a/doc/gpgme.texi b/doc/gpgme.texi index b23e7b1..45c359d 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi 
@@ -6089,7 +6089,8 @@ may use @acronym{GPGME}'s built in trace feature. This feature is either enabled using the environment variable @code{GPGME_DEBUG} or, if this is not possible, by calling the function @code{gpgme_set_global_flag}. The value is the trace level and -an optional file name. +an optional file name. If no file name is given the trace output is +printed to @code{stderr}. @noindent For example diff --git a/src/debug.h b/src/debug.h index c99b700..d0db573 100644 --- a/src/debug.h +++ b/src/debug.h @@ -187,8 +187,8 @@ _gpgme_trace_gpgme_error (gpgme_error_t err, const char *file, int line) #define TRACE_ERR(err) \ err == 0 ? (TRACE_SUC ()) : \ - (_gpgme_debug (_gpgme_trace_level, "%s: error: %s <%s>\n", \ - _gpgme_trace_func, gpgme_strerror (err), \ + (_gpgme_debug (_gpgme_trace_level, "%s:%d: error: %s <%s>\n", \ + _gpgme_trace_func, __LINE__, gpgme_strerror (err), \ gpgme_strsource (err)), _gpgme_debug_frame_end (), (err)) /* The cast to void suppresses GCC warnings. */ #define TRACE_SYSRES(res) \ ----------------------------------------------------------------------- Summary of changes: doc/gpgme.texi | 3 ++- src/debug.h | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 7 18:10:32 2014 
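Review bot: TRACE_ERR expands its argument bare and more than once, and the two lines this hunk rewrites keep that shape: `err` appears in `err == 0 ? ...`, in `gpgme_strerror (err)`, in `gpgme_strsource (err)` and again as the result `(err)`. An argument with a lower-precedence operator or a side effect would be mis-parsed or evaluated several times. Since the macro is being touched anyway, I would write the test as `(err) == 0 ? (TRACE_SUC ()) : \` and wrap the whole expansion in one pair of parentheses. The callers are outside this hunk, so whether any of them passes anything other than a plain variable cannot be seen here.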
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 07 Nov 2014 18:10:32 +0100 Subject: [git] Assuan - branch, master, updated. libassuan-2.1.2-4-g2f040c0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 2f040c0b7bcfdddf5e3597fbcdae9cc04fafe653 (commit) via 3003c5d70febc8d4b6be9c95ca6deda7b033cabc (commit) via 1023508f210cd136992661c01b55b428de86a182 (commit) from 416d045b196464c408bed587d1ecf5496924bddf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2f040c0b7bcfdddf5e3597fbcdae9cc04fafe653 Author: Werner Koch Date: Fri Nov 7 18:11:00 2014 +0100 Post release updates. -- diff --git a/NEWS b/NEWS index a1f1609..326196d 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,6 @@ +Noteworthy changes in version 2.1.4 (unreleased) [C4/A4/R_] +------------------------------------------------ + Noteworthy changes in version 2.1.3 (2014-11-07) [C4/A4/R3] ------------------------------------------------ diff --git a/configure.ac b/configure.ac index 793b451..d03fd58 100644 --- a/configure.ac +++ b/configure.ac @@ -31,7 +31,7 @@ min_automake_version="1.10" m4_define([mym4_package],[libassuan]) m4_define([mym4_major], [2]) m4_define([mym4_minor], [1]) -m4_define([mym4_micro], [3]) +m4_define([mym4_micro], [4]) # To start a new development series, i.e a new major or minor number # you need to mark an arbitrary commit before the first beta release commit 3003c5d70febc8d4b6be9c95ca6deda7b033cabc Author: Werner Koch Date: Fri Nov 7 18:02:49 2014 +0100 Release 2.1.3. * configure.ac: Set LT version to C4/A4/R3. diff --git a/NEWS b/NEWS index 0b3bdcf..a1f1609 100644 --- a/NEWS +++ b/NEWS 
@@ -1,6 +1,8 @@ -Noteworthy changes in version 2.1.3 (unreleased) [C4/A4/R_] +Noteworthy changes in version 2.1.3 (2014-11-07) [C4/A4/R3] ------------------------------------------------ + * Performance fix for Windows. + Noteworthy changes in version 2.1.2 (2014-08-17) [C4/A4/R2] ------------------------------------------------ diff --git a/configure.ac b/configure.ac index baa01dc..793b451 100644 --- a/configure.ac +++ b/configure.ac @@ -60,7 +60,7 @@ AC_INIT([mym4_package],[mym4_version], [http://bugs.gnupg.org]) # LIBASSUAN_LT_CURRENT=4 LIBASSUAN_LT_AGE=4 -LIBASSUAN_LT_REVISION=2 +LIBASSUAN_LT_REVISION=3 # If the API is changed in an incompatible way: increment the next counter. LIBASSUAN_CONFIG_API_VERSION=2 commit 1023508f210cd136992661c01b55b428de86a182 Author: Werner Koch Date: Fri Nov 7 17:20:19 2014 +0100 w32: Remove I/O delays due to our 100ms delay after an EAGAIN. * src/system-w32.c (__assuan_read): Retry using select. Map WSAECONNRESET to EPIPE. (__assuan_write): Retry using select. * src/assuan-buffer.c (readline) [W32]: Return EOF instead of EPIPE. diff --git a/src/assuan-buffer.c b/src/assuan-buffer.c index f2238e7..04aff5a 100644 --- a/src/assuan-buffer.c +++ b/src/assuan-buffer.c @@ -80,6 +80,15 @@ readline (assuan_context_t ctx, char *buf, size_t buflen, { if (errno == EINTR) continue; +#ifdef HAVE_W32_SYSTEM + if (errno == EPIPE) + { + /* Under Windows we get EPIPE (actually ECONNRESET) + after termination of the client. Assume an EOF. */ + *r_eof = 1; + break; /* allow incomplete lines */ + } +#endif /*HAVE_W32_SYSTEM*/ return -1; /* read error */ } else if (!n) diff --git a/src/system-w32.c b/src/system-w32.c index 3ee5359..85b8fa8 100644 --- a/src/system-w32.c +++ b/src/system-w32.c 
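Review bot: In readline the new HAVE_W32_SYSTEM branch reports EPIPE as a normal end of file and, per its own comment, lets an incomplete line through, so a connection reset in the middle of a line looks the same to the caller as an orderly close. If the caller acts on whatever is in the buffer once `*r_eof` is set, a truncated command could be processed as if it were complete. I would state the contract next to the `break`, for example `/* NB: a reset in mid-line is reported like EOF; the caller must not act on an unterminated line. */`, and confirm that the caller discards a partial final line. readline starts and ends outside this hunk, so that handling is not visible here.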
@@ -197,9 +197,27 @@ __assuan_read (assuan_context_t ctx, assuan_fd_t fd, void *buffer, size_t size) if (is_socket (fd)) { + int tries = 3; + + again: + ec = 0; res = recv (HANDLE2SOCKET (fd), buffer, size, 0); if (res == -1) ec = WSAGetLastError (); + if (ec == WSAEWOULDBLOCK && tries--) + { + /* EAGAIN: Use select to wait for resources and try again. + We do this 3 times and then give up. The higher level + layer then needs to take care of EAGAIN. No need to + specify a timeout - the socket is not expected to be in + blocking mode. */ + fd_set fds; + + FD_ZERO (&fds); + FD_SET (HANDLE2SOCKET (fd), &fds); + select (0, &fds, NULL, NULL, NULL); + goto again; + } } else { @@ -224,6 +242,7 @@ __assuan_read (assuan_context_t ctx, assuan_fd_t fd, void *buffer, size_t size) gpg_err_set_errno (EAGAIN); break; + case WSAECONNRESET: /* Due to the use of recv. */ case ERROR_BROKEN_PIPE: gpg_err_set_errno (EPIPE); break; @@ -247,9 +266,27 @@ __assuan_write (assuan_context_t ctx, assuan_fd_t fd, const void *buffer, if (is_socket (fd)) { + int tries = 3; + + again: + ec = 0; res = send (HANDLE2SOCKET (fd), buffer, size, 0); if (res == -1) ec = WSAGetLastError (); + if (ec == WSAEWOULDBLOCK && tries--) + { + /* EAGAIN: Use select to wait for resources and try again. + We do this 3 times and then give up. The higher level + layer then needs to take care of EAGAIN. No need to + specify a timeout - the socket is not expected to be in + blocking mode. */ + fd_set fds; + + FD_ZERO (&fds); + FD_SET (HANDLE2SOCKET (fd), &fds); + select (0, NULL, &fds, NULL, NULL); + goto again; + } } else { ----------------------------------------------------------------------- Summary of changes: NEWS | 7 ++++++- configure.ac | 4 ++-- src/assuan-buffer.c | 9 +++++++++ src/system-w32.c | 37 +++++++++++++++++++++++++++++++++++++ 4 files changed, 54 insertions(+), 3 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 7 18:42:55 2014 
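Review bot: The retry added to __assuan_read calls `select (0, &fds, NULL, NULL, NULL)` with no timeout and ignores its result, and the hunk for __assuan_write does the same with the write set. A NULL timeout makes select wait without bound, so on a non-blocking socket a peer that simply stops sending or receiving can hold the caller inside this function, where the old code returned EAGAIN at once. The comment's reason for omitting the timeout ("not expected to be in blocking mode") reads as the opposite of what it argues and is worth rewording. I would at least check the result, `if (select (0, &fds, NULL, NULL, NULL) == SOCKET_ERROR) ec = WSAGetLastError (); else goto again;`, and consider a bounded `struct timeval` so the three-try limit really bounds the wait. Whether callers rely on a prompt EAGAIN is not visible in these hunks.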
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 07 Nov 2014 18:42:55 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-7-g7362c8c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 7362c8c6e60939588e817384ae2e29195cb3f518 (commit) via f0f5cb6b3e525f696b8820c517190e1d84f3b885 (commit) via c7c79e31937e2d2fdb4042641786c229e31fbfae (commit) via f7e1be24c8fcf588d4e48aa53a85b22bd035e3b0 (commit) from e0db5af7ed9c2872cfdbf2adadcf49b954d85af3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7362c8c6e60939588e817384ae2e29195cb3f518 Author: Werner Koch Date: Fri Nov 7 18:42:37 2014 +0100 gpg: Remove warning message for non-implemented search modes. * kbx/keybox-search.c (keybox_search): Silently ignore. * doc/specify-user-id.texi: Docuement '@", '+', and '.' search prefixes. diff --git a/doc/gpg.texi b/doc/gpg.texi index cfd46a6..1154cd9 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1,4 +1,4 @@ - @c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, + at c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, @c 2008, 2009, 2010 Free Software Foundation, Inc. @c This is part of the GnuPG manual. @c For copying conditions, see the file gnupg.texi. diff --git a/doc/specify-user-id.texi b/doc/specify-user-id.texi index 2eee024..c49edad 100644 --- a/doc/specify-user-id.texi +++ b/doc/specify-user-id.texi 
@@ -85,14 +85,14 @@ with left and right angles. @end cartouche - at item By word match. -All words must match exactly (not case sensitive) but can appear in any -order in the user ID or a subjects name. Words are any sequences of -letters, digits, the underscore and all characters with bit 7 set. + at item By partial match on an email address. +This is indicated by prefixing the search string with an @code{@@}. +This uses a substring search but considers only the mail address +(i.e. inside the angle brackets). @cartouche @example -+Heinrich Heine duesseldorf +@@heinrichh @end example @end cartouche @@ -156,8 +156,12 @@ Heine @end example @end cartouche - at end itemize + at item . and + prefixes +These prefixes are reserved for looking up mails anchored at the end +and for a word search mode. They are not yet implemented and using +them is undefined. + at end itemize Please note that we have reused the hash mark identifier which was used in old GnuPG versions to indicate the so called local-id. It is not diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c index 10a71c4..6e72d0b 100644 --- a/kbx/keybox-search.c +++ b/kbx/keybox-search.c @@ -907,7 +907,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc, break; case KEYDB_SEARCH_MODE_MAILEND: case KEYDB_SEARCH_MODE_WORDS: - never_reached (); /* not yet implemented */ + /* not yet implemented */ break; case KEYDB_SEARCH_MODE_ISSUER: if (has_issuer (blob, desc[n].u.name)) commit f0f5cb6b3e525f696b8820c517190e1d84f3b885 Author: Werner Koch Date: Fri Nov 7 18:21:50 2014 +0100 w32: Fix http access module. * common/http.c (write_server) [W32]: Rework to use send() instead of write even when build with npth. (cookie_read) [W32]: Rework to use recv() instead of read even when build with npth. diff --git a/common/http.c b/common/http.c index 413efd8..f129010 100644 --- a/common/http.c +++ b/common/http.c 
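Review bot: In keybox_search the KEYDB_SEARCH_MODE_MAILEND and KEYDB_SEARCH_MODE_WORDS cases now reach `break` with nothing but the comment, so a descriptor in one of these modes can never match and the caller sees only "not found". For a key lookup that hides an unsupported request behind a negative result. It would be safer to reject such descriptors before the scan starts, or at the very least to say what happens in the comment: `/* Not yet implemented: a descriptor in this mode never matches. */`. keybox_search starts and ends outside the hunk, so how an error would be returned from here is not visible.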
@@ -2320,14 +2320,20 @@ write_server (int sock, const char *data, size_t length) nleft = length; while (nleft > 0) { -#if defined(HAVE_W32_SYSTEM) && !defined(USE_NPTH) +#if defined(HAVE_W32_SYSTEM) +# if defined(USE_NPTH) + npth_unprotect (); +# endif nwritten = send (sock, data, nleft, 0); +# if defined(USE_NPTH) + npth_protect (); +# endif if ( nwritten == SOCKET_ERROR ) { log_info ("network write failed: ec=%d\n", (int)WSAGetLastError ()); return gpg_error (GPG_ERR_NETWORK); } -#else /*!HAVE_W32_SYSTEM || USE_NPTH*/ +#else /*!HAVE_W32_SYSTEM*/ # ifdef USE_NPTH nwritten = npth_write (sock, data, nleft); # else @@ -2349,7 +2355,7 @@ write_server (int sock, const char *data, size_t length) log_info ("network write failed: %s\n", strerror (errno)); return gpg_error_from_syserror (); } -#endif /*!HAVE_W32_SYSTEM || USE_NPTH*/ +#endif /*!HAVE_W32_SYSTEM*/ nleft -= nwritten; data += nwritten; } @@ -2404,14 +2410,25 @@ cookie_read (void *cookie, void *buffer, size_t size) { do { -#ifdef USE_NPTH - nread = npth_read (c->sock->fd, buffer, size); -#elif defined(HAVE_W32_SYSTEM) +#ifdef HAVE_W32_SYSTEM /* Under Windows we need to use recv for a socket. */ +# if defined(USE_NPTH) + npth_unprotect (); +# endif nread = recv (c->sock->fd, buffer, size, 0); -#else +# if defined(USE_NPTH) + npth_protect (); +# endif + +#else /*!HAVE_W32_SYSTEM*/ + +# ifdef USE_NPTH + nread = npth_read (c->sock->fd, buffer, size); +# else nread = read (c->sock->fd, buffer, size); -#endif +# endif + +#endif /*!HAVE_W32_SYSTEM*/ } while (nread == -1 && errno == EINTR); } commit c7c79e31937e2d2fdb4042641786c229e31fbfae Author: Werner Koch Date: Fri Nov 7 18:20:06 2014 +0100 build: Add method to use a custom swdb.lst and use adns with Windows. * build-aux/getswdb.sh: Add option --skip-verify. * build-aux/speedo.mk: Add config var CUSTOM_SWDB. Tage adns version from swdb and build for Windows with adns. diff --git a/build-aux/getswdb.sh b/build-aux/getswdb.sh index 8b1d5e5..fec9f88 100755 
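Review bot: In the W32 branch of write_server the error code is fetched with `WSAGetLastError ()` only inside the log_info call, after `npth_protect ()` has already run. If taking the npth lock again makes any system call that sets the thread's last-error value, the logged code is no longer the one from send(). I would capture it straight after the call, `ec = (nwritten == SOCKET_ERROR)? WSAGetLastError () : 0;`, placed before `npth_protect ()`, and log `ec` instead. What npth_protect does internally is not visible here, so this is a precaution rather than a confirmed fault.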
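Review bot: The retry loop in cookie_read still ends with `while (nread == -1 && errno == EINTR)`, but with this hunk every Windows build, npth or not, reads with recv(), and Winsock reports failures through WSAGetLastError() rather than errno. The condition therefore tests whatever errno held before the call, and any error handling after the loop that uses errno would report an unrelated code. I would record the Winsock code right after the call and before `npth_protect ()`, `if (nread == SOCKET_ERROR) ec = WSAGetLastError ();`, and base the retry and the reported error on it. The code that follows the loop is outside the hunk.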
--- a/build-aux/getswdb.sh +++ b/build-aux/getswdb.sh @@ -34,6 +34,7 @@ Usage: $(basename $0) [OPTIONS] Get the online version of the GnuPG software version database Options: --skip-download Assume download has already been done. + --skip-verify Do not check signatures --find-sha1sum Print the name of the sha1sum utility --help Print this help. EOF @@ -44,6 +45,7 @@ EOF # Parse options # skip_download=no +skip_verify=no find_sha1sum=no while test $# -gt 0; do case "$1" in @@ -63,6 +65,9 @@ while test $# -gt 0; do --skip-download) skip_download=yes ;; + --skip-verify) + skip_verify=yes + ;; --find-sha1sum) find_sha1sum=yes ;; @@ -96,10 +101,12 @@ fi version=$(cat "$srcdir/../VERSION") version_num=$(echo "$version" | cvtver) -if ! $GPGV --version >/dev/null 2>/dev/null ; then - echo "command \"gpgv\" is not installed" >&2 - echo "(please install an older version of GnuPG)" >&2 - exit 1 +if [ $skip_verify = no ]; then + if ! $GPGV --version >/dev/null 2>/dev/null ; then + echo "command \"gpgv\" is not installed" >&2 + echo "(please install an older version of GnuPG)" >&2 + exit 1 + fi fi # @@ -110,9 +117,11 @@ if [ $skip_download = yes ]; then echo "swdb.lst is missing." >&2 exit 1 fi - if [ ! -f swdb.lst.sig ]; then + if [ $skip_verify = no ]; then + if [ ! -f swdb.lst.sig ]; then echo "swdb.lst.sig is missing." >&2 exit 1 + fi fi else if ! $WGET --version >/dev/null 2>/dev/null ; then @@ -124,14 +133,18 @@ else echo "download of swdb.lst failed." >&2 exit 1 fi - if ! $WGET -q -O swdb.lst.sig "$urlbase/swdb.lst.sig" ; then + if [ $skip_verify = no ]; then + if ! $WGET -q -O swdb.lst.sig "$urlbase/swdb.lst.sig" ; then echo "download of swdb.lst.sig failed." >&2 exit 1 + fi fi fi -if ! $GPGV --keyring "$distsigkey" swdb.lst.sig swdb.lst; then +if [ $skip_verify = no ]; then + if ! $GPGV --keyring "$distsigkey" swdb.lst.sig swdb.lst; then echo "list of software versions is not valid!" >&2 exit 1 + fi fi # 
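Review bot: `--skip-verify` is accepted on its own, and in the download branch of the later hunks that means swdb.lst is fetched with wget and used without swdb.lst.sig ever being retrieved or checked by gpgv. The commit only needs the option for a local, already trusted list (speedo.mk passes it together with `--skip-download`), so I would refuse the other combination right after option parsing: `if [ $skip_verify = yes ] && [ $skip_download = no ]; then echo "--skip-verify requires --skip-download" >&2; exit 1; fi`. The usage text could also say what is lost, for example `--skip-verify Do not check signatures (swdb.lst is then trusted as is)`. The value of `$urlbase` is outside these hunks, so the transport used for the download is not visible here.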
diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk index 63d508d..f9490cb 100644 --- a/build-aux/speedo.mk +++ b/build-aux/speedo.mk @@ -58,10 +58,10 @@ help: @echo ' w32-installer Build a Windows installer' @echo ' w32-source Pack a source archive' @echo - @echo 'You may append INSTALL_REFIX= for native builds.' + @echo 'You may append INSTALL_PREFIX= for native builds.' @echo 'Prepend TARGET with "git-" to build from GIT repos.' @echo 'Prepend TARGET with "this-" to build from the source tarball.' - + @echo 'Use CUSTOM_SWDB=1 for an already downloaded swdb.lst.' SPEEDOMAKE := $(MAKE) -f $(SPEEDO_MK) UPD_SWDB=1 @@ -113,6 +113,9 @@ TARGETOS= # Set to 1 to build the GUI tools WITH_GUI=0 +# Set to 1 to use a pre-installed swdb.lst instead of the online version. +CUSTOM_SWDB=0 + # Set to 1 to really download the swdb. UPD_SWDB=0 @@ -157,7 +160,7 @@ speedo_spkgs = \ ifeq ($(TARGETOS),w32) speedo_spkgs += \ - zlib bzip2 libiconv gettext + zlib bzip2 adns libiconv gettext endif speedo_spkgs += \ @@ -206,8 +209,13 @@ speedo_make_only_style = \ zlib bzip2 # Get the content of the software DB. +ifeq ($(CUSTOM_SWDB),1) +getswdb_options = --skip-download --skip-verify +else +getswdb_options = +endif ifeq ($(UPD_SWDB),1) -SWDB := $(shell $(topsrc)/build-aux/getswdb.sh && echo okay) +SWDB := $(shell $(topsrc)/build-aux/getswdb.sh $(getswdb_options) && echo okay) ifeq ($(strip $(SWDB)),) $(error Error getting GnuPG software version database) endif @@ -248,6 +256,9 @@ zlib_sha1 := $(shell awk '$$1=="zlib_sha1_gz" {print $$2}' swdb.lst) bzip2_ver := $(shell awk '$$1=="bzip2_ver" {print $$2}' swdb.lst) bzip2_sha1 := $(shell awk '$$1=="bzip2_sha1_gz" {print $$2}' swdb.lst) +adns_ver := $(shell awk '$$1=="adns_ver" {print $$2}' swdb.lst) +adns_sha1 := $(shell awk '$$1=="adns_sha1" {print $$2}' swdb.lst) + $(info Information from the version database) $(info GnuPG ..........: $(gnupg_ver)) $(info Libgpg-error ...: $(libgpg_error_ver)) 
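Review bot: With CUSTOM_SWDB=1 the new `getswdb_options = --skip-download --skip-verify` turns off the signature check on swdb.lst, yet neither the variable's comment nor the new help line says so. The `*_ver` and `*_sha1` values that the following hunk reads from that file with awk are then taken on trust; how the sha1 values are used later is outside these hunks, but presumably they are the reference checksums for the downloaded tarballs. I would extend the comment to `# Set to 1 to use a pre-installed swdb.lst instead of the online version. Its signature is NOT checked.` and the help line to `@echo 'Use CUSTOM_SWDB=1 for an already downloaded swdb.lst (signature not checked).'`.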
@@ -256,6 +267,7 @@ $(info Libgcrypt ......: $(libgcrypt_ver)) $(info Libassuan ......: $(libassuan_ver)) $(info Zlib ...........: $(zlib_ver)) $(info Bzip2 ..........: $(bzip2_ver)) +$(info ADNS ...........: $(adns_ver)) $(info GPGME ..........: $(gpgme_ver)) $(info Pinentry .......: $(pinentry_ver)) $(info GPA ............: $(gpa_ver)) @@ -264,7 +276,6 @@ endif # Version number for external packages pkg_config_ver = 0.23 -zlib_ver = 1.2.8 libiconv_ver = 1.14 gettext_ver = 0.18.2.1 libffi_ver = 3.0.13 @@ -277,7 +288,6 @@ pixman_ver = 0.32.4 cairo_ver = 1.12.16 gtk__ver = 2.24.17 - # The GIT repository. Using a local repo is much faster. #gitrep = git://git.gnupg.org gitrep = ${HOME}/s @@ -355,6 +365,7 @@ endif speedo_pkg_pkg_config_tar = $(pkg2rep)/pkg-config-$(pkg_config_ver).tar.gz speedo_pkg_zlib_tar = $(pkgrep)/zlib/zlib-$(zlib_ver).tar.gz speedo_pkg_bzip2_tar = $(pkgrep)/bzip2/bzip2-$(bzip2_ver).tar.gz +speedo_pkg_adns_tar = $(pkg10rep)/adns/adns-$(adns_ver).tar.bz2 speedo_pkg_libiconv_tar = $(pkg2rep)/libiconv-$(libiconv_ver).tar.gz speedo_pkg_gettext_tar = $(pkg2rep)/gettext-$(gettext_ver).tar.gz speedo_pkg_libffi_tar = $(pkg2rep)/libffi-$(libffi_ver).tar.gz commit f7e1be24c8fcf588d4e48aa53a85b22bd035e3b0 Author: Werner Koch Date: Fri Nov 7 18:17:52 2014 +0100 build: Improve test for ADNS * configure.ac : Use adns_free as probe function for libadns. (HAVE_ADNS_FREE): Remove bogus tests to set this and remove the macro. (ADNSLIBS): Do not ac_subst - it is only used within configure. -- adns_free is required on Windows anyway (for robustness reasons) and it has been around for so long now that we do not need a separate test. An upstream adns 1.5 has meanwhile been release but I doubt that this has the required Windows code - and it is not libtool based anyway. diff --git a/common/dns-cert.c b/common/dns-cert.c index 179bb15..4e297bf 100644 --- a/common/dns-cert.c +++ b/common/dns-cert.c 
@@ -44,9 +44,6 @@ #endif #ifdef USE_ADNS # include -# ifndef HAVE_ADNS_FREE -# define adns_free free -# endif #endif #include "util.h" diff --git a/common/pka.c b/common/pka.c index 3c45e8b..d472162 100644 --- a/common/pka.c +++ b/common/pka.c @@ -48,9 +48,6 @@ #endif /* USE_DNS_PKA */ #ifdef USE_ADNS # include -# ifndef HAVE_ADNS_FREE -# define adns_free free -# endif #endif #include "util.h" diff --git a/common/srv.c b/common/srv.c index 380e356..7a0c42d 100644 --- a/common/srv.c +++ b/common/srv.c @@ -45,9 +45,6 @@ #include #ifdef USE_ADNS # include -# ifndef HAVE_ADNS_FREE -# define adns_free free -# endif #endif #include "util.h" diff --git a/configure.ac b/configure.ac index 9afcd3b..320ee27 100644 --- a/configure.ac +++ b/configure.ac @@ -904,18 +904,14 @@ AC_ARG_WITH(adns, fi]) if test "$with_adns" != "no"; then AC_CHECK_HEADERS(adns.h, - AC_CHECK_LIB(adns, adns_init, + AC_CHECK_LIB(adns, adns_free, [have_adns=yes], [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}]), - [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}]) + [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}]) fi if test "$have_adns" = "yes"; then ADNSLIBS="-ladns" fi -AC_SUBST(ADNSLIBS) -# Newer adns versions feature a free function to be used under W32. -AC_CHECK_FUNCS(adns_free) - # ----------------------------------------------------------------------- Summary of changes: build-aux/getswdb.sh | 27 ++++++++++++++++++++------- build-aux/speedo.mk | 23 +++++++++++++++++------ common/dns-cert.c | 3 --- common/http.c | 33 +++++++++++++++++++++++++-------- common/pka.c | 3 --- common/srv.c | 3 --- configure.ac | 8 ++------ doc/gpg.texi | 2 +- doc/specify-user-id.texi | 16 ++++++++++------ kbx/keybox-search.c | 2 +- 10 files changed, 76 insertions(+), 44 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 12 10:19:28 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 12 Nov 2014 10:19:28 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-10-gffc2307 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via ffc2307843ce6c4ac3c8d99ba8c70ffa1ae28e39 (commit) from b8cdfac353ad96d4ef025c066c16dbde34805661 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ffc2307843ce6c4ac3c8d99ba8c70ffa1ae28e39 Author: Werner Koch Date: Wed Nov 12 09:56:40 2014 +0100 gpg: Add import options "keep-ownertrust". * g10/options.h (IMPORT_KEEP_OWNERTTRUST): New. * g10/import.c (parse_import_options): Add "keep-ownertrust". (import_one): Act upon new option. -- This option is in particular useful to convert from a pubring.gpg to the new pubring.kbx in GnuPG 2.1 or vice versa: gpg1 --export | gpg2 --import-options keep-ownertrust --import diff --git a/doc/gpg.texi b/doc/gpg.texi index 1154cd9..499df87 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -1991,6 +1991,15 @@ opposite meaning. The options are: generally useful unless a shared keyring scheme is being used. Defaults to no. + @item import-keep-ownertrust + Normally possible still existing ownertrust values of a key are + cleared if a key is imported. This is in general desirable so that + a formerly deleted key does not automatically gain an ownertrust + values merely due to import. On the other hand it is sometimes + necessary to re-import a trusted set of keys again but keeping + already assigned ownertrust values. This can be achived by using + this option. + @item repair-pks-subkey-bug During import, attempt to repair the damage caused by the PKS keyserver bug (pre version 0.9.6) that mangles keys with multiple subkeys. Note diff --git a/g10/import.c b/g10/import.c index 16e2b0b..6439fd0 100644 --- a/g10/import.c +++ b/g10/import.c @@ -100,16 +100,25 @@ parse_import_options(char *str,unsigned int *options,int noisy) { {"import-local-sigs",IMPORT_LOCAL_SIGS,NULL, N_("import signatures that are marked as local-only")}, + {"repair-pks-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL, N_("repair damage from the pks keyserver during import")}, + + {"keep-ownertrust", IMPORT_KEEP_OWNERTTRUST, NULL, + N_("do not clear the ownertrust values during import")}, + {"fast-import",IMPORT_FAST,NULL, N_("do not update the trustdb after import")}, + {"merge-only",IMPORT_MERGE_ONLY,NULL, N_("only accept updates to existing keys")}, + {"import-clean",IMPORT_CLEAN,NULL, N_("remove unusable parts from key after import")}, + {"import-minimal",IMPORT_MINIMAL|IMPORT_CLEAN,NULL, N_("remove as much as possible from key after import")}, + /* Aliases for backward compatibility */ {"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL}, {"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,NULL}, 
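Review bot: The table entry added to parse_import_options registers the option as `"keep-ownertrust"`, which is also the spelling in the commit message example, while the doc/gpg.texi hunk of the same commit documents it as `@item import-keep-ownertrust`. Unless the option parser strips an `import-` prefix, which cannot be seen here, a user who follows the manual gets an unknown-option error; the two names should be made to agree. The constant is also spelled `IMPORT_KEEP_OWNERTTRUST` with a doubled T, here and in the g10/options.h hunk, and is easier to correct now than after it spreads. The cherry-pick of this commit to STABLE-BRANCH-2-0 further down the page carries both points unchanged.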
@@ -989,12 +998,13 @@ import_one (ctrl_t ctrl, if (rc) log_error (_("error writing keyring '%s': %s\n"), keydb_get_resource_name (hd), g10_errstr(rc)); - else + else if (!(opt.import_options & IMPORT_KEEP_OWNERTTRUST)) { /* This should not be possible since we delete the ownertrust when a key is deleted, but it can happen if the keyring and trustdb are out of sync. It can also - be made to happen with the trusted-key command. */ + be made to happen with the trusted-key command and by + importing and locally exported key. */ clear_ownertrusts (pk); if(non_self) diff --git a/g10/options.h b/g10/options.h index 0875eb5..95d1651 100644 --- a/g10/options.h +++ b/g10/options.h @@ -324,6 +324,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode; #define IMPORT_MINIMAL (1<<5) #define IMPORT_CLEAN (1<<6) #define IMPORT_NO_SECKEY (1<<7) +#define IMPORT_KEEP_OWNERTTRUST (1<<8) #define EXPORT_LOCAL_SIGS (1<<0) #define EXPORT_ATTRIBUTES (1<<1) ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 9 +++++++++ g10/import.c | 14 ++++++++++++-- g10/options.h | 1 + 3 files changed, 22 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 12 10:25:01 2014 
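Review bot: Changing the `else` in import_one to `else if (!(opt.import_options & IMPORT_KEEP_OWNERTTRUST))` makes the option skip the whole block, not just `clear_ownertrusts (pk);`. The `if(non_self)` statement that follows it in the same block is then skipped as well; its body lies outside the hunk, but if it triggers a trust recalculation, an import with keep-ownertrust would leave validity data stale. Keeping the block and guarding only the clearing avoids that: `else {` followed by `if (!(opt.import_options & IMPORT_KEEP_OWNERTTRUST)) clear_ownertrusts (pk);`. The extended comment also has a slip, "importing and locally exported key" for "importing a locally exported key". The same hunk appears again in the STABLE-BRANCH-2-0 cherry-pick further down the page.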
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 12 Nov 2014 10:25:01 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.26-15-gda95d0d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via da95d0d37841b34e2f3d7047f14ab4d98a7c0c56 (commit) from eb756e2510bfcae3339e0907a7e4cacdea59b175 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit da95d0d37841b34e2f3d7047f14ab4d98a7c0c56 Author: Werner Koch Date: Wed Nov 12 09:56:40 2014 +0100 gpg: Add import option "keep-ownertrust". * g10/options.h (IMPORT_KEEP_OWNERTTRUST): New. * g10/import.c (parse_import_options): Add "keep-ownertrust". (import_one): Act upon new option. -- This option is in particular useful to convert from a pubring.gpg to the new pubring.kbx in GnuPG 2.1 or vice versa: gpg1 --export | gpg2 --import-options keep-ownertrust --import (cherry-picked from commit ffc2307843ce6c4ac3c8d99ba8c70ffa1ae28e39) diff --git a/doc/gpg.texi b/doc/gpg.texi index b2c956e..0689cb5 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -2039,6 +2039,15 @@ opposite meaning. The options are: generally useful unless a shared keyring scheme is being used. Defaults to no. + @item import-keep-ownertrust + Normally possible still existing ownertrust values of a key are + cleared if a key is imported. This is in general desirable so that + a formerly deleted key does not automatically gain an ownertrust + values merely due to import. On the other hand it is sometimes + necessary to re-import a trusted set of keys again but keeping + already assigned ownertrust values. This can be achived by using + this option. + @item repair-pks-subkey-bug During import, attempt to repair the damage caused by the PKS keyserver bug (pre version 0.9.6) that mangles keys with multiple subkeys. Note diff --git a/g10/import.c b/g10/import.c index 1bf4090..8e509dd 100644 --- a/g10/import.c +++ b/g10/import.c @@ -95,18 +95,28 @@ parse_import_options(char *str,unsigned int *options,int noisy) { {"import-local-sigs",IMPORT_LOCAL_SIGS,NULL, N_("import signatures that are marked as local-only")}, + {"repair-pks-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL, N_("repair damage from the pks keyserver during import")}, + + {"keep-ownertrust", IMPORT_KEEP_OWNERTTRUST, NULL, + N_("do not clear the ownertrust values during import")}, + {"fast-import",IMPORT_FAST,NULL, N_("do not update the trustdb after import")}, + {"convert-sk-to-pk",IMPORT_SK2PK,NULL, N_("create a public key when importing a secret key")}, + {"merge-only",IMPORT_MERGE_ONLY,NULL, N_("only accept updates to existing keys")}, + {"import-clean",IMPORT_CLEAN,NULL, N_("remove unusable parts from key after import")}, + {"import-minimal",IMPORT_MINIMAL|IMPORT_CLEAN,NULL, N_("remove as much as possible from key after import")}, + /* Aliases for backward compatibility */ {"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL}, {"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,NULL}, 
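Review bot: The table entry in parse_import_options registers the option as `"keep-ownertrust"`, while the doc/gpg.texi hunk of the same commit documents it as `@item import-keep-ownertrust`. The neighbouring entries spell the `import-` prefix out in the table (`import-clean`, `import-minimal`), so unless the option parser strips that prefix (not visible here) the documented name will not select the flag; the commit message itself uses `--import-options keep-ownertrust`. Either change the manual entry to `@item keep-ownertrust` or add `{"import-keep-ownertrust",IMPORT_KEEP_OWNERTTRUST,NULL,NULL},` to the alias list at the end of the table. The STABLE-BRANCH-1-4 cherry-pick below has the same mismatch, and the function starts and ends outside the hunk.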
@@ -890,12 +900,13 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats, if (rc) log_error (_("error writing keyring `%s': %s\n"), keydb_get_resource_name (hd), g10_errstr(rc)); - else + else if (!(opt.import_options & IMPORT_KEEP_OWNERTTRUST)) { /* This should not be possible since we delete the ownertrust when a key is deleted, but it can happen if the keyring and trustdb are out of sync. It can also - be made to happen with the trusted-key command. */ + be made to happen with the trusted-key command and by + importing and locally exported key. */ clear_ownertrusts (pk); if(non_self) diff --git a/g10/options.h b/g10/options.h index e9c540d..9b12b77 100644 --- a/g10/options.h +++ b/g10/options.h @@ -324,6 +324,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode; #define IMPORT_MINIMAL (1<<5) #define IMPORT_CLEAN (1<<6) #define IMPORT_NO_SECKEY (1<<7) +#define IMPORT_KEEP_OWNERTTRUST (1<<8) #define EXPORT_LOCAL_SIGS (1<<0) #define EXPORT_ATTRIBUTES (1<<1) ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 9 +++++++++ g10/import.c | 15 +++++++++++++-- g10/options.h | 1 + 3 files changed, 23 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 12 10:48:23 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 12 Nov 2014 10:48:23 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.18-14-g42d2474 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via 42d2474a02aa46e6fecf0e35c067aa0b6481ffbe (commit) from 65c05f5c18d4331d6f1a5de98b4c6af27bc1aed8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 42d2474a02aa46e6fecf0e35c067aa0b6481ffbe Author: Werner Koch Date: Wed Nov 12 09:56:40 2014 +0100 gpg: Add import option "keep-ownertrust". * g10/options.h (IMPORT_KEEP_OWNERTTRUST): New. * g10/import.c (parse_import_options): Add "keep-ownertrust". (import_one): Act upon new option. -- This option is in particular useful to convert from a pubring.gpg to the new pubring.kbx in GnuPG 2.1 or vice versa: gpg1 --export | gpg2 --import-options keep-ownertrust --import (cherry-picked from commit da95d0d37841b34e2f3d7047f14ab4d98a7c0c56) diff --git a/doc/gpg.texi b/doc/gpg.texi index b1a27fb..728f314 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -1885,6 +1885,15 @@ opposite meaning. The options are: generally useful unless a shared keyring scheme is being used. Defaults to no. + @item import-keep-ownertrust + Normally possible still existing ownertrust values of a key are + cleared if a key is imported. This is in general desirable so that + a formerly deleted key does not automatically gain an ownertrust + values merely due to import. On the other hand it is sometimes + necessary to re-import a trusted set of keys again but keeping + already assigned ownertrust values. This can be achived by using + this option. + @item repair-pks-subkey-bug During import, attempt to repair the damage caused by the PKS keyserver bug (pre version 0.9.6) that mangles keys with multiple subkeys. Note diff --git a/g10/import.c b/g10/import.c index 2baa298..c9df368 100644 --- a/g10/import.c +++ b/g10/import.c @@ -95,18 +95,28 @@ parse_import_options(char *str,unsigned int *options,int noisy) { {"import-local-sigs",IMPORT_LOCAL_SIGS,NULL, N_("import signatures that are marked as local-only")}, + {"repair-pks-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL, N_("repair damage from the pks keyserver during import")}, + + {"keep-ownertrust", IMPORT_KEEP_OWNERTTRUST, NULL, + N_("do not clear the ownertrust values during import")}, + {"fast-import",IMPORT_FAST,NULL, N_("do not update the trustdb after import")}, + {"convert-sk-to-pk",IMPORT_SK2PK,NULL, N_("create a public key when importing a secret key")}, + {"merge-only",IMPORT_MERGE_ONLY,NULL, N_("only accept updates to existing keys")}, + {"import-clean",IMPORT_CLEAN,NULL, N_("remove unusable parts from key after import")}, + {"import-minimal",IMPORT_MINIMAL|IMPORT_CLEAN,NULL, N_("remove as much as possible from key after import")}, + /* Aliases for backward compatibility */ {"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL}, {"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,NULL}, 
@@ -881,12 +891,13 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats, if (rc) log_error (_("error writing keyring `%s': %s\n"), keydb_get_resource_name (hd), g10_errstr(rc)); - else + else if (!(opt.import_options & IMPORT_KEEP_OWNERTTRUST)) { /* This should not be possible since we delete the ownertrust when a key is deleted, but it can happen if the keyring and trustdb are out of sync. It can also - be made to happen with the trusted-key command. */ + be made to happen with the trusted-key command and by + importing and locally exported key. */ clear_ownertrusts (pk); if(non_self) diff --git a/g10/options.h b/g10/options.h index 670cf64..dad5980 100644 --- a/g10/options.h +++ b/g10/options.h @@ -299,6 +299,7 @@ struct { #define IMPORT_MINIMAL (1<<5) #define IMPORT_CLEAN (1<<6) #define IMPORT_NO_SECKEY (1<<7) +#define IMPORT_KEEP_OWNERTTRUST (1<<8) #define EXPORT_LOCAL_SIGS (1<<0) #define EXPORT_ATTRIBUTES (1<<1) ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 9 +++++++++ g10/import.c | 15 +++++++++++++-- g10/options.h | 1 + 3 files changed, 23 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 12 12:24:06 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 12 Nov 2014 12:24:06 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-11-geecbed0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via eecbed004ca1e9ca23c3892c3a5e6dd174ddf93b (commit) from ffc2307843ce6c4ac3c8d99ba8c70ffa1ae28e39 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit eecbed004ca1e9ca23c3892c3a5e6dd174ddf93b Author: Werner Koch Date: Wed Nov 12 12:14:32 2014 +0100 gpg: Fix regression in --refresh-keys * g10/keyserver.c (keyserver_get): Factor all code out to ... (keyserver_get_chunk): new. Extimate line length. (keyserver_get): Split up requests into chunks. -- Note that refreshing all keys still requires way to much memory because we build an in-memory list of all keys first. It is required to first get a list of all keys to avoid conflicts while updating the key store in the process of receiving keys. A better strategy would be a background process and tracking the last update in the key store. GnuPG-bug-id: 1755 Signed-off-by: Werner Koch diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c index 5bddbbe..71f5324 100644 --- a/g10/call-dirmngr.c +++ b/g10/call-dirmngr.c @@ -429,7 +429,7 @@ ks_get_data_cb (void *opaque, const void *data, size_t datalen) error an error code is returned and NULL stored at R_FP. The pattern may only use search specification which a keyserver can - use to retriev keys. Because we know the format of the pattern we + use to retrieve keys. Because we know the format of the pattern we don't need to escape the patterns before sending them to the server. 
diff --git a/g10/keyserver.c b/g10/keyserver.c index 1b2e128..5bc1eba 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -1567,17 +1567,16 @@ keyserver_search (ctrl_t ctrl, strlist_t tokens) return err; } - - -/* Retrieve a key from a keyserver. The search pattern are in - (DESC,NDESC). Allowed search modes are keyid, fingerprint, and - exact searches. KEYSERVER gives an optional override keyserver. If - (R_FPR,R_FPRLEN) are not NULL, the may retrun the fingerprint of - one imported key. */ +/* Helper for keyserver_get. Here we only receive a chunk of the + description to be processed in one batch. This is required due to + the limited number of patterns the dirmngr interface (KS_GET) can + grok and to limit the amount of temporary required memory. */ static gpg_error_t -keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, - struct keyserver_spec *keyserver, - unsigned char **r_fpr, size_t *r_fprlen) +keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, + int *r_ndesc_used, + void *stats_handle, + struct keyserver_spec *keyserver, + unsigned char **r_fpr, size_t *r_fprlen) { gpg_error_t err = 0; 
@@ -1585,12 +1584,26 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, int idx, npat; estream_t datastream; char *source = NULL; + size_t linelen; /* Estimated linelen for KS_GET. */ + size_t n; + +#define MAX_KS_GET_LINELEN 950 /* Somewhat lower than the real limit. */ + + *r_ndesc_used = 0; /* Create an array filled with a search pattern for each key. The array is delimited by a NULL entry. */ pattern = xtrycalloc (ndesc+1, sizeof *pattern); if (!pattern) return gpg_error_from_syserror (); + + /* Note that we break the loop as soon as our estimation of the to + be used line length reaches the limit. But we do this only if we + have processed at leas one search requests so that an overlong + single request will be rejected only later by gpg_dirmngr_ks_get + but we are sure that R_NDESC_USED has been updated. This avoids + a possible indefinite loop. */ + linelen = 9; /* "KS_GET --" */ for (npat=idx=0; idx < ndesc; idx++) { int quiet = 0; @@ -1598,7 +1611,12 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, if (desc[idx].mode == KEYDB_SEARCH_MODE_FPR20 || desc[idx].mode == KEYDB_SEARCH_MODE_FPR16) { - pattern[npat] = xtrymalloc (2+2*20+1); + n = 1+2+2*20; + if (idx && linelen + n > MAX_KS_GET_LINELEN) + break; /* Declare end of this chunk. */ + linelen += n; + + pattern[npat] = xtrymalloc (n); if (!pattern[npat]) err = gpg_error_from_syserror (); else @@ -1612,6 +1630,11 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, } else if(desc[idx].mode == KEYDB_SEARCH_MODE_LONG_KID) { + n = 1+2+16; + if (idx && linelen + n > MAX_KS_GET_LINELEN) + break; /* Declare end of this chunk. */ + linelen += n; + pattern[npat] = xtryasprintf ("0x%08lX%08lX", (ulong)desc[idx].u.kid[0], (ulong)desc[idx].u.kid[1]); 
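Review bot: In the fingerprint branch of keyserver_get_chunk `n` is now both the line-length estimate and the size passed to `xtrymalloc (n)`, and the two agree only because the one byte counted for the separating blank happens to equal the one byte needed for the terminating NUL. Nothing in the code says so, and a later adjustment of the estimate would silently change the size of the buffer the hex fingerprint is written into. Keep the allocation independent, `pattern[npat] = xtrymalloc (2+2*20+1);`, and comment the estimate, `n = 1+2+2*20; /* Blank, "0x", 40 hex digits. */`. `MAX_KS_GET_LINELEN` is defined inside the function body and stays defined for the rest of the file; moving it to file scope next to a note on the real limit would make that explicit. The function body starts before and continues after these hunks.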
@@ -1622,6 +1645,11 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, } else if(desc[idx].mode == KEYDB_SEARCH_MODE_SHORT_KID) { + n = 1+2+8; + if (idx && linelen + n > MAX_KS_GET_LINELEN) + break; /* Declare end of this chunk. */ + linelen += n; + pattern[npat] = xtryasprintf ("0x%08lX", (ulong)desc[idx].u.kid[1]); if (!pattern[npat]) err = gpg_error_from_syserror (); @@ -1630,11 +1658,17 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, } else if(desc[idx].mode == KEYDB_SEARCH_MODE_EXACT) { - /* The Dirmngr uses also classify_user_id to detect the type + /* The Dirmngr also uses classify_user_id to detect the type of the search string. By adding the '=' prefix we force Dirmngr's KS_GET to consider this an exact search string. (In gpg 1.4 and gpg 2.0 the keyserver helpers used the KS_GETNAME command to indicate this.) */ + + n = 1+1+strlen (desc[idx].u.name); + if (idx && linelen + n > MAX_KS_GET_LINELEN) + break; /* Declare end of this chunk. */ + linelen += n; + pattern[npat] = strconcat ("=", desc[idx].u.name, NULL); if (!pattern[npat]) err = gpg_error_from_syserror (); @@ -1669,6 +1703,9 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, } } + /* Remember now many of search items were considered. Note that + this is different from NPAT. */ + *r_ndesc_used = idx; err = gpg_dirmngr_ks_get (ctrl, pattern, &datastream, &source); for (idx=0; idx < npat; idx++) @@ -1679,11 +1716,8 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, if (!err) { - void *stats_handle; struct ks_retrieval_screener_arg_s screenerarg; - stats_handle = import_new_stats_handle(); - /* FIXME: Check whether this comment should be moved to dirmngr. Slurp up all the key data. In the future, it might be nice 
@@ -1697,15 +1731,12 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, keyservers. */ screenerarg.desc = desc; - screenerarg.ndesc = ndesc; + screenerarg.ndesc = *r_ndesc_used; import_keys_es_stream (ctrl, datastream, stats_handle, r_fpr, r_fprlen, (opt.keyserver_options.import_options | IMPORT_NO_SECKEY), keyserver_retrieval_screener, &screenerarg); - - import_print_stats (stats_handle); - import_release_stats_handle (stats_handle); } es_fclose (datastream); xfree (source); 
@@ -1714,6 +1745,44 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, } +/* Retrieve a key from a keyserver. The search pattern are in + (DESC,NDESC). Allowed search modes are keyid, fingerprint, and + exact searches. KEYSERVER gives an optional override keyserver. If + (R_FPR,R_FPRLEN) are not NULL, they may return the fingerprint of a + single imported key. */ +static gpg_error_t +keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, + struct keyserver_spec *keyserver, + unsigned char **r_fpr, size_t *r_fprlen) +{ + gpg_error_t err; + void *stats_handle; + int ndesc_used; + int any_good = 0; + + stats_handle = import_new_stats_handle(); + + for (;;) + { + err = keyserver_get_chunk (ctrl, desc, ndesc, &ndesc_used, stats_handle, + keyserver, r_fpr, r_fprlen); + if (!err) + any_good = 1; + if (err || ndesc_used >= ndesc) + break; /* Error or all processed. */ + /* Prepare for the next chunk. */ + desc += ndesc_used; + ndesc -= ndesc_used; + } + + if (any_good) + import_print_stats (stats_handle); + + import_release_stats_handle (stats_handle); + return err; +} + + /* Send all keys specified by KEYSPECS to the KEYSERVERS. */ static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs, ----------------------------------------------------------------------- Summary of changes: g10/call-dirmngr.c | 2 +- g10/keyserver.c | 107 ++++++++++++++++++++++++++++++++++++++++++---------- 2 files changed, 89 insertions(+), 20 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 12 12:41:02 2014 
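Review bot: The chunk loop in keyserver_get stops at the first failing chunk (`if (err || ndesc_used >= ndesc) break;`), so every descriptor in the later chunks is never requested, and the new function comment does not say so. The comment in keyserver_get_chunk explicitly leaves an overlong single request to be rejected by gpg_dirmngr_ks_get, which means one such entry in a large refresh ends the run and the keys behind it receive no updates, revocations included, while statistics are still printed because `any_good` is set. Stopping early is defensible when the keyserver is unreachable, but the contract should be stated, for example `/* The first chunk that fails ends the request; descriptors in later chunks are not fetched. */`. The loop also terminates only because keyserver_get_chunk never reports success with `ndesc_used == 0` for a non-empty request; adding `!ndesc_used` to the break condition would make that independent of the helper.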
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 12 Nov 2014 12:41:02 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-12-g81e177b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 81e177be10273885573f5d1fd88a1ee23479f4ab (commit) from eecbed004ca1e9ca23c3892c3a5e6dd174ddf93b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 81e177be10273885573f5d1fd88a1ee23479f4ab Author: Werner Koch Date: Wed Nov 12 12:41:20 2014 +0100 gpg: Improve perceived speed of secret key listings. * g10/keylist.c (list_keyblock): Flush stdout for secret keys. Signed-off-by: Werner Koch diff --git a/g10/keylist.c b/g10/keylist.c index b5ea84d..75def77 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -1569,6 +1569,8 @@ list_keyblock (KBNODE keyblock, int secret, int has_secret, int fpr, list_keyblock_colon (keyblock, secret, has_secret, fpr); else list_keyblock_print (keyblock, secret, fpr, opaque); + if (secret) + es_fflush (es_stdout); } /* ----------------------------------------------------------------------- Summary of changes: g10/keylist.c | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 13 12:47:59 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 13 Nov 2014 12:47:59 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-13-ge30cb8f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e30cb8f61792e3808f7c8f343fc8545e6c81fe74 (commit) from 81e177be10273885573f5d1fd88a1ee23479f4ab (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e30cb8f61792e3808f7c8f343fc8545e6c81fe74 Author: Werner Koch Date: Thu Nov 13 12:01:42 2014 +0100 gpg: Remove PGP-2 related cruft. * g10/armor.c (parse_hash_header,carmor_filter): Ignore MD5 in hash header. (fake_packet): Remove pgp-2 workaround for white space stripping. * g10/filter.h (armor_filter_context_t): Remove field pgp2mode. * g10/options.h (opt): Remove field pgp2_workarounds. * g10/gpg.c (main): Do not set this field. * g10/gpgv.c (main): Ditto. * g10/mainproc.c (proc_encrypted): Use SHA-1 as fallback s2k hash algo. Using MD5 here is useless. (proc_plaintext): Remove PGP-2 related woraround (proc_tree): Remove another workaround but keep the one for PGP-5. -- The removed code was either not anymore used or its use would have caused an error message later anyway. Signed-off-by: Werner Koch diff --git a/g10/armor.c b/g10/armor.c index efdc92e..b00f985 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -286,8 +286,6 @@ parse_hash_header( const char *line ) found |= 1; else if( !strncmp( s, "SHA1", s2-s ) ) found |= 2; - else if( !strncmp( s, "MD5", s2-s ) ) - found |= 4; else if( !strncmp( s, "SHA224", s2-s ) ) found |= 8; else if( !strncmp( s, "SHA256", s2-s ) ) 
@@ -664,10 +662,9 @@ fake_packet( armor_filter_context_t *afx, IOBUF a, { int crlf = n > 1 && p[n-2] == '\r' && p[n-1]=='\n'; - /* PGP2 does not treat a tab as white space character */ afx->buffer_len= trim_trailing_chars( &p[afx->buffer_pos], n-afx->buffer_pos, - afx->pgp2mode ? " \r\n" : " \t\r\n"); + " \t\r\n"); afx->buffer_len+=afx->buffer_pos; /* the buffer is always allocated with enough space to append * the removed [CR], LF and a Nul @@ -1009,14 +1006,9 @@ armor_filter( void *opaque, int control, /* the buffer is at least 15+n*15 bytes long, so it * is easy to construct the packets */ - hashes &= 1|2|4|8|16|32|64; + hashes &= 1|2|8|16|32|64; if( !hashes ) { - hashes |= 4; /* default to MD 5 */ - /* This is non-ideal since PGP 5-8 have the same - end-of-line bugs as PGP 2. However, we only - enable pgp2mode if there is no Hash: header. */ - if( opt.pgp2_workarounds ) - afx->pgp2mode = 1; + hashes |= 2; /* Default to SHA-1. */ } n=0; /* First a gpg control packet... */ @@ -1029,8 +1021,6 @@ armor_filter( void *opaque, int control, buf[n++] = DIGEST_ALGO_RMD160; if( hashes & 2 ) buf[n++] = DIGEST_ALGO_SHA1; - if( hashes & 4 ) - buf[n++] = DIGEST_ALGO_MD5; if( hashes & 8 ) buf[n++] = DIGEST_ALGO_SHA224; if( hashes & 16 ) diff --git a/g10/filter.h b/g10/filter.h index 731ad0f..c3c7966 100644 --- a/g10/filter.h +++ b/g10/filter.h @@ -49,7 +49,6 @@ typedef struct { int faked; /* we are faking a literal data packet */ int truncated; /* number of truncated lines */ int qp_detected; - int pgp2mode; byte eol[3]; /* The end of line characters as a zero-terminated string. Defaults (eol[0]=='\0') to whatever the local diff --git a/g10/gpg.c b/g10/gpg.c index c188d4a..a2225a0 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2099,7 +2099,6 @@ main (int argc, char **argv) opt.completes_needed = 1; opt.marginals_needed = 3; opt.max_cert_depth = 5; - opt.pgp2_workarounds = 1; opt.escape_from = 1; opt.flags.require_cross_cert = 1; opt.import_options = 0; 
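Review bot: The digest selection in armor_filter still works with bare bit values (`hashes &= 1|2|8|16|32|64;`, `hashes |= 2;`), and after this change bit 4 is an unexplained hole in the mask. These numbers have to stay in step with the `found |= …` assignments in parse_hash_header, so a later addition that reuses 4 there would be masked out here and the clearsigned text would be hashed without that algorithm. Add a comment at the mask, for example `/* Bit 4 was MD5 and is intentionally no longer accepted. */`, or give the bits names shared by both functions. armor_filter's body extends beyond the hunk on both sides.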
@@ -2528,7 +2527,6 @@ main (int argc, char **argv) opt.rfc2440_text = 0; opt.allow_non_selfsigned_uid = 1; opt.allow_freeform_uid = 1; - opt.pgp2_workarounds = 0; opt.escape_from = 1; opt.not_dash_escaped = 0; opt.def_cipher_algo = 0; @@ -2545,7 +2543,6 @@ main (int argc, char **argv) opt.rfc2440_text = 1; opt.allow_non_selfsigned_uid = 1; opt.allow_freeform_uid = 1; - opt.pgp2_workarounds = 0; opt.escape_from = 0; opt.not_dash_escaped = 0; opt.def_cipher_algo = 0; diff --git a/g10/gpgv.c b/g10/gpgv.c index d79b899..7bba535 100644 --- a/g10/gpgv.c +++ b/g10/gpgv.c @@ -161,7 +161,6 @@ main( int argc, char **argv ) gnupg_init_signals (0, NULL); opt.command_fd = -1; /* no command fd */ - opt.pgp2_workarounds = 1; opt.keyserver_options.options |= KEYSERVER_AUTO_KEY_RETRIEVE; opt.trust_model = TM_ALWAYS; opt.batch = 1; diff --git a/g10/mainproc.c b/g10/mainproc.c index 50d1d27..19f1aac 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -555,9 +555,9 @@ proc_encrypted( CTX c, PACKET *pkt ) algo = CIPHER_ALGO_IDEA; if (!opt.s2k_digest_algo) { - /* If no digest is given we assume MD5 */ + /* If no digest is given we assume SHA-1. */ s2kbuf.mode = 0; - s2kbuf.hash_algo = DIGEST_ALGO_MD5; + s2kbuf.hash_algo = DIGEST_ALGO_SHA1; s2k = &s2kbuf; } log_info (_("assuming %s encrypted data\n"), "IDEA"); @@ -617,7 +617,7 @@ static void proc_plaintext( CTX c, PACKET *pkt ) { PKT_plaintext *pt = pkt->pkt.plaintext; - int any, clearsig, only_md5, rc; + int any, clearsig, rc; KBNODE n; literals_seen++; @@ -635,7 +635,7 @@ proc_plaintext( CTX c, PACKET *pkt ) * Should we assume that plaintext in mode 't' has always sigclass 1?? * See: Russ Allbery's mail 1999-02-09 */ - any = clearsig = only_md5 = 0; + any = clearsig = 0; for(n=c->list; n; n = n->next ) { if( n->pkt->pkttype == PKT_ONEPASS_SIG ) 
@@ -645,15 +645,8 @@ proc_plaintext( CTX c, PACKET *pkt ) { gcry_md_enable (c->mfx.md, n->pkt->pkt.onepass_sig->digest_algo); - if( !any && n->pkt->pkt.onepass_sig->digest_algo - == DIGEST_ALGO_MD5 ) - only_md5 = 1; - else - only_md5 = 0; any = 1; } - if( n->pkt->pkt.onepass_sig->sig_class != 0x01 ) - only_md5 = 0; } else if( n->pkt->pkttype == PKT_GPG_CONTROL && n->pkt->pkt.gpg_control->control @@ -692,18 +685,7 @@ proc_plaintext( CTX c, PACKET *pkt ) answer. */ gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 ); gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 ); - gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 ); } - if (opt.pgp2_workarounds && only_md5 && !opt.skip_verify - && opt.flags.allow_weak_digest_algos) { - /* This is a kludge to work around a bug in pgp2. It does only - * catch those mails which are armored. To catch the non-armored - * pgp mails we could see whether there is the signature packet - * in front of the plaintext. If someone needs this, send me a patch. - */ - if ( gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0) ) - BUG (); - } if ( DBG_HASHING ) { gcry_md_debug ( c->mfx.md, "verify" ); if ( c->mfx.md2 ) @@ -2130,20 +2112,13 @@ proc_tree( CTX c, KBNODE node ) if (gcry_md_open (&c->mfx.md, sig->digest_algo, 0)) BUG (); - if( !opt.pgp2_workarounds ) - ; - else if( sig->digest_algo == DIGEST_ALGO_MD5 - && is_RSA( sig->pubkey_algo) - && opt.flags.allow_weak_digest_algos) { - /* enable a workaround for a pgp2 bug */ - if (gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0)) - BUG (); - } + if (RFC2440 || RFC4880) + ; /* Strict RFC mode. */ else if( sig->digest_algo == DIGEST_ALGO_SHA1 && sig->pubkey_algo == PUBKEY_ALGO_DSA && sig->sig_class == 0x01 ) { - /* enable the workaround also for pgp5 when the detached - * signature has been created in textmode */ + /* Enable a workaround for a pgp5 bug when the + * detached signature has been created in textmode. */ if (gcry_md_open (&c->mfx.md2, sig->digest_algo, 0 )) BUG (); } 
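Review bot: The pgp5 text-mode workaround in proc_tree is now gated by `RFC2440 || RFC4880` instead of `opt.pgp2_workarounds`, and nothing on the page shows that the two conditions select the same cases. The removed flag was set to 1 by default in gpg.c and gpgv.c and cleared in two option blocks of gpg.c, so it should be confirmed that the RFC2440/RFC4880 macros are true in exactly those two blocks and false in gpgv, because the second digest context `c->mfx.md2` presumably widens what a detached DSA/SHA-1 class 0x01 signature is checked against. The empty `;` branch would read more clearly as a single negated condition with a comment such as `/* Strict RFC modes never get the pgp5 workaround. */`. proc_tree starts and ends outside the hunk.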
diff --git a/g10/options.h b/g10/options.h index 95d1651..6a94ff4 100644 --- a/g10/options.h +++ b/g10/options.h @@ -126,7 +126,6 @@ struct { KF_SHORT, KF_LONG, KF_0xSHORT, KF_0xLONG } keyid_format; - int pgp2_workarounds; int shm_coprocess; const char *set_filename; strlist_t comments; ----------------------------------------------------------------------- Summary of changes: g10/armor.c | 16 +++------------- g10/filter.h | 1 - g10/gpg.c | 3 --- g10/gpgv.c | 1 - g10/mainproc.c | 41 ++++++++--------------------------------- g10/options.h | 1 - 6 files changed, 11 insertions(+), 52 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 13 17:51:26 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 13 Nov 2014 17:51:26 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-17-g9d897f8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 9d897f8178610b4ce24f57d625dac71c679ce651 (commit) via 69384568f66a48eff3968bb1714aa13925580e9f (commit) via 22748338da9a78d20aefe3656ba40b0f9d34a681 (commit) via 63c651441579e63b7f846d2adebe8983a352f1d6 (commit) from e30cb8f61792e3808f7c8f343fc8545e6c81fe74 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9d897f8178610b4ce24f57d625dac71c679ce651 Author: Werner Koch Date: Thu Nov 13 17:51:09 2014 +0100 po: Auto-update. -- diff --git a/po/de.po b/po/de.po index 5f00126..ab5796e 100644 --- a/po/de.po +++ b/po/de.po 
@@ -2295,6 +2295,11 @@ msgstr "Importiere Signaturen, die als nicht exportf?hig markiert sind" msgid "repair damage from the pks keyserver during import" msgstr "Beseitige Besch?digung durch den Schl?sselserver w?hrend des Imports" +#, fuzzy +#| msgid "do not update the trustdb after import" +msgid "do not clear the ownertrust values during import" +msgstr "?ndern Sie die \"Trust\"-Datenbank nach dem Import nicht" + msgid "do not update the trustdb after import" msgstr "?ndern Sie die \"Trust\"-Datenbank nach dem Import nicht" @@ -4271,6 +4276,10 @@ msgid ", key algorithm " msgstr ", Schl?sselverfahren " #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "Signatur kann nicht gepr?ft werden: %s\n" @@ -4289,9 +4298,6 @@ msgstr "Einzelne Signatur der Klasse 0x%02x\n" msgid "old style (PGP 2.x) signature\n" msgstr "Signatur nach alter (PGP 2.x) Art\n" -msgid "invalid root packet detected in proc_tree()\n" -msgstr "ung?ltiges root-Paket in proc_tree() entdeckt\n" - #, c-format msgid "fstat of '%s' failed in %s: %s\n" msgstr "fstat von `%s' schlug fehl in %s: %s\n" @@ -8014,6 +8020,9 @@ msgstr "" "Syntax: gpg-check-pattern [optionen] Musterdatei\n" "Die von stdin gelesene Passphrase gegen die Musterdatei pr?fen\n" +#~ msgid "invalid root packet detected in proc_tree()\n" +#~ msgstr "ung?ltiges root-Paket in proc_tree() entdeckt\n" + #~ msgid "no secret subkey for public subkey %s - ignoring\n" #~ msgstr "" #~ "Kein privater Unterschl?ssel zum ?ffentlichen Unterschl?ssel %s - " diff --git a/po/fr.po b/po/fr.po index abec34a..f9a23b5 100644 --- a/po/fr.po +++ b/po/fr.po 
@@ -2305,6 +2305,11 @@ msgstr "importer des signatures marqu?es comme locales seulement" msgid "repair damage from the pks keyserver during import" msgstr "r?parer les donn?es endommag?es du serveur pks pendant l'importation" +#, fuzzy +#| msgid "do not update the trustdb after import" +msgid "do not clear the ownertrust values during import" +msgstr "ne pas mettre ? jour la base de confiance apr?s l'importation" + msgid "do not update the trustdb after import" msgstr "ne pas mettre ? jour la base de confiance apr?s l'importation" @@ -4286,6 +4291,10 @@ msgid ", key algorithm " msgstr ", algorithme de clef " #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "Impossible de v?rifier la signature?: %s\n" @@ -4305,9 +4314,6 @@ msgstr "signature autonome de classe 0x%02x\n" msgid "old style (PGP 2.x) signature\n" msgstr "signature d'un ancien type (PGP?2.x)\n" -msgid "invalid root packet detected in proc_tree()\n" -msgstr "paquet racine incorrect d?tect? dans proc_tree()\n" - #, c-format msgid "fstat of '%s' failed in %s: %s\n" msgstr "?chec du fstat de ??%s?? dans %s?: %s\n" @@ -8094,6 +8100,9 @@ msgstr "" "V?rifier une phrase secr?te donn?e sur l'entr?e standard par rapport ? " "ficmotif\n" +#~ msgid "invalid root packet detected in proc_tree()\n" +#~ msgstr "paquet racine incorrect d?tect? dans proc_tree()\n" + #~ msgid "use a standard location for the socket" #~ msgstr "utiliser un emplacement de socket standard" diff --git a/po/ja.po b/po/ja.po index db6258e..5382826 100644 --- a/po/ja.po +++ b/po/ja.po 
@@ -2251,6 +2251,11 @@ msgstr "???????????????????????? msgid "repair damage from the pks keyserver during import" msgstr "???????pks??????????????????" +#, fuzzy +#| msgid "do not update the trustdb after import" +msgid "do not clear the ownertrust values during import" +msgstr "??????????????????????" + msgid "do not update the trustdb after import" msgstr "??????????????????????" @@ -4174,6 +4179,10 @@ msgid ", key algorithm " msgstr "???????? " #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "??????????: %s\n" @@ -4191,9 +4200,6 @@ msgstr "???0x%02x??????????\n" msgid "old style (PGP 2.x) signature\n" msgstr "???? (PGP 2.x) ???\n" -msgid "invalid root packet detected in proc_tree()\n" -msgstr "proc_tree() ?????????????????????\n" - #, c-format msgid "fstat of '%s' failed in %s: %s\n" msgstr "'%s'?fstat?%s???????: %s\n" @@ -7782,6 +7788,9 @@ msgstr "" "??: gpg-check-pattern [?????] ????????\n" "????????????????????????????\n" +#~ msgid "invalid root packet detected in proc_tree()\n" +#~ msgstr "proc_tree() ?????????????????????\n" + #~ msgid "no secret subkey for public subkey %s - ignoring\n" #~ msgstr "????%s??????????????? - ??\n" diff --git a/po/uk.po b/po/uk.po index 2900ef1..4a5753e 100644 --- a/po/uk.po +++ b/po/uk.po @@ -2328,6 +2328,11 @@ msgstr "??????????? ???????, ????????? ?? ???? msgid "repair damage from the pks keyserver during import" msgstr "???????????? ??????????? ???????? ?????? pks ??? ??? ????????????" +#, fuzzy +#| msgid "do not update the trustdb after import" +msgid "do not clear the ownertrust values during import" +msgstr "?? ?????????? ???? ????? ?????? ????? ????????????" + msgid "do not update the trustdb after import" msgstr "?? ?????????? ???? ????? ?????? ????? ????????????" 
@@ -4307,6 +4312,10 @@ msgid ", key algorithm " msgstr "????????: %s" #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "?? ??????? ?????????? ??????: %s\n" @@ -4324,9 +4333,6 @@ msgstr "??????? ?????? ????? 0x%02x\n" msgid "old style (PGP 2.x) signature\n" msgstr "?????? ? ??????????? ??????? (PGP 2.x)\n" -msgid "invalid root packet detected in proc_tree()\n" -msgstr "???????? ??????????? ????????? ????? ? proc_tree()\n" - #, c-format msgid "fstat of '%s' failed in %s: %s\n" msgstr "??????? fstat ???? ?%s? ? %s: %s\n" 
@@ -7997,6 +8003,9 @@ msgstr "" "?????????: gpg-check-pattern [?????????] ????_????????\n" "?????????? ??????, ???????? ? stdin, ?? ????????? ?????_????????\n" +#~ msgid "invalid root packet detected in proc_tree()\n" +#~ msgstr "???????? ??????????? ????????? ????? ? proc_tree()\n" + #~ msgid "no secret subkey for public subkey %s - ignoring\n" #~ msgstr "????? ????????? ???????? ??? ?????????? ???????? %s ? ???????????\n" commit 69384568f66a48eff3968bb1714aa13925580e9f Author: Werner Koch Date: Thu Nov 13 17:39:31 2014 +0100 gpg: Make the use of "--verify FILE" for detached sigs harder. * g10/openfile.c (open_sigfile): Factor some code out to ... (get_matching_datafile): new function. * g10/plaintext.c (hash_datafiles): Do not try to find matching file in batch mode. * g10/mainproc.c (check_sig_and_print): Print a warning if a possibly matching data file is not used by a standard signatures. -- Allowing to use the abbreviated form for detached signatures is a long standing bug which has only been noticed by the public with the release of 2.1.0. :-( What we do is to remove the ability to check detached signature in --batch using the one file abbreviated mode. This should exhibit problems in scripts which use this insecure practice. We also print a warning if a matching data file exists but was not considered because the detached signature was actually a standard signature: gpgv: Good signature from "Werner Koch (dist sig)" gpgv: WARNING: not a detached signature; \ file 'gnupg-2.1.0.tar.bz2' was NOT verified! We can only print a warning because it is possible that a standard signature is indeed to be verified but by coincidence a file with a matching name is stored alongside the standard signature. Reported-by: Simon Nicolussi (to gnupg-users on Nov 7) Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index 499df87..634b4e2 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -214,16 +214,22 @@ files which don't begin with an encrypted message. @item --verify @opindex verify -Assume that the first argument is a signed file or a detached signature -and verify it without generating any output. With no arguments, the -signature packet is read from STDIN. If only a sigfile is given, it may -be a complete signature or a detached signature, in which case the -signed stuff is expected in a file without the ".sig" or ".asc" -extension. With more than 1 argument, the first should be a detached -signature and the remaining files are the signed stuff. To read the -signed stuff from STDIN, use @samp{-} as the second filename. For -security reasons a detached signature cannot read the signed material -from STDIN without denoting it in the above way. +Assume that the first argument is a signed file and verify it without +generating any output. With no arguments, the signature packet is +read from STDIN. If only a one argument is given, it is expected to +be a complete signature. + +With more than 1 argument, the first should be a detached signature +and the remaining files ake up the the signed data. To read the signed +data from STDIN, use @samp{-} as the second filename. For security +reasons a detached signature cannot read the signed material from +STDIN without denoting it in the above way. + +Note: If the option @option{--batch} is not used, @command{@gpgname} +may assume that a single argument is a file with a detached signature +and it will try to find a matching data file by stripping certain +suffixes. Using this historical feature to verify a detached +signature is strongly discouraged; always specify the data file too. Note: When verifying a cleartext signature, @command{gpg} verifies only what makes up the cleartext signed data and not any extra data diff --git a/g10/main.h b/g10/main.h index 76541c7..d313afb 100644 --- a/g10/main.h +++ b/g10/main.h 
@@ -286,7 +286,8 @@ char *make_outfile_name( const char *iname ); char *ask_outfile_name( const char *name, size_t namelen ); int open_outfile (int inp_fd, const char *iname, int mode, int restrictedperm, iobuf_t *a); -iobuf_t open_sigfile( const char *iname, progress_filter_context_t *pfx ); +char *get_matching_datafile (const char *sigfilename); +iobuf_t open_sigfile (const char *sigfilename, progress_filter_context_t *pfx); void try_make_homedir( const char *fname ); char *get_openpgp_revocdir (const char *home); @@ -374,7 +375,7 @@ void decrypt_messages (ctrl_t ctrl, int nfiles, char *files[]); /*-- plaintext.c --*/ int hash_datafiles( gcry_md_hd_t md, gcry_md_hd_t md2, - strlist_t files, const char *sigfilename, int textmode ); + strlist_t files, const char *sigfilename, int textmode); int hash_datafile_by_fd ( gcry_md_hd_t md, gcry_md_hd_t md2, int data_fd, int textmode ); PKT_plaintext *setup_plaintext_name(const char *filename,IOBUF iobuf); diff --git a/g10/mainproc.c b/g10/mainproc.c index bc186d3..b84607a 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c 
@@ -2008,6 +2008,44 @@ check_sig_and_print (CTX c, kbnode_t node) *pkstrbuf?_(", key algorithm "):"", pkstrbuf); + if (!rc && !c->signed_data.used) + { + /* Signature is basically good but we test whether the + deprecated command + gpg --verify FILE.sig + was used instead of + gpg --verify FILE.sig FILE + to verify a detached signature. If we figure out that a + data file with a matching name exists, we print a warning. + + The problem is that the first form would also verify a + standard signature. This behavior could be used to + create a made up .sig file for a tarball by creating a + standard signature from a valid detached signature packet + (for example from a signed git tag). Then replace the + sig file on the FTP server along with a changed tarball. + Using the first form the verify command would correctly + verify the signature but don't even consider the tarball. */ + kbnode_t n; + char *dfile; + + dfile = get_matching_datafile (c->sigfilename); + if (dfile) + { + for (n = c->list; n; n = n->next) + if (n->pkt->pkttype != PKT_SIGNATURE) + break; + if (n) + { + /* Not only signature packets in the tree thus this + is not a detached signature. */ + log_info (_("WARNING: not a detached signature; " + "file '%s' was NOT verified!\n"), dfile); + } + xfree (dfile); + } + } + if (rc) g10_errors_seen = 1; if (opt.batch && rc) diff --git a/g10/openfile.c b/g10/openfile.c index ab27f44..76961e5 100644 --- a/g10/openfile.c +++ b/g10/openfile.c 
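Review bot: The new warning in check_sig_and_print is emitted only through `log_info`, and `rc` stays 0, so the `if (rc)` and `if (opt.batch && rc)` lines that follow still treat the result as a plain success. A caller that relies on the exit status or on machine-readable status output, rather than on the log stream, gets no signal that the matching data file was not verified; whether a status line is written elsewhere is not visible in this hunk. If warning-only is the intended limit, I would record that next to the call, e.g. `/* Informational only: RC stays 0, so scripts must pass the data file explicitly to have it verified. */`. The function starts and ends outside the hunk.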
@@ -310,40 +310,64 @@ open_outfile (int inp_fd, const char *iname, int mode, int restrictedperm, } +/* Find a matching data file for the signature file SIGFILENAME and + return it as a malloced string. If no matching data file is found, + return NULL. */ +char * +get_matching_datafile (const char *sigfilename) +{ + char *fname = NULL; + size_t len; + + if (iobuf_is_pipe_filename (sigfilename)) + return NULL; + + len = strlen (sigfilename); + if (len > 4 + && (!strcmp (sigfilename + len - 4, EXTSEP_S "sig") + || (len > 5 && !strcmp(sigfilename + len - 5, EXTSEP_S "sign")) + || !strcmp(sigfilename + len - 4, EXTSEP_S "asc"))) + { + + fname = xstrdup (sigfilename); + fname[len-(fname[len-1]=='n'?5:4)] = 0 ; + if (access (fname, R_OK )) + { + /* Not found or other error. */ + xfree (fname); + fname = NULL; + } + } + + return fname; +} + + /* * Try to open a file without the extension ".sig" or ".asc" * Return NULL if such a file is not available. */ -IOBUF -open_sigfile( const char *iname, progress_filter_context_t *pfx ) +iobuf_t +open_sigfile (const char *sigfilename, progress_filter_context_t *pfx) { - IOBUF a = NULL; - size_t len; + iobuf_t a = NULL; + char *buf; - if (!iobuf_is_pipe_filename (iname)) + buf = get_matching_datafile (sigfilename); + if (buf) { - len = strlen(iname); - if( len > 4 && (!strcmp(iname + len - 4, EXTSEP_S "sig") - || (len > 5 && !strcmp(iname + len - 5, EXTSEP_S "sign")) - || !strcmp(iname + len - 4, EXTSEP_S "asc"))) + a = iobuf_open (buf); + if (a && is_secured_file (iobuf_get_fd (a))) { - char *buf; - - buf = xstrdup(iname); - buf[len-(buf[len-1]=='n'?5:4)] = 0 ; - a = iobuf_open( buf ); - if (a && is_secured_file (iobuf_get_fd (a))) - { - iobuf_close (a); - a = NULL; - gpg_err_set_errno (EPERM); - } - if (a && opt.verbose) - log_info (_("assuming signed data in '%s'\n"), buf); - if (a && pfx) - handle_progress (pfx, a, buf); - xfree (buf); - } + iobuf_close (a); + a = NULL; + gpg_err_set_errno (EPERM); + } + if (a) + log_info 
(_("assuming signed data in '%s'\n"), buf); + if (a && pfx) + handle_progress (pfx, a, buf); + xfree (buf); } return a; diff --git a/g10/plaintext.c b/g10/plaintext.c index 5454198..5d343c6 100644 --- a/g10/plaintext.c +++ b/g10/plaintext.c @@ -607,10 +607,8 @@ leave: -/**************** - * Hash the given files and append the hash to hash context md. - * If FILES is NULL, hash stdin. - */ +/* Hash the given files and append the hash to hash contexts MD and + * MD2. If FILES is NULL, stdin is hashed. */ int hash_datafiles (gcry_md_hd_t md, gcry_md_hd_t md2, strlist_t files, const char *sigfilename, int textmode) @@ -623,15 +621,22 @@ hash_datafiles (gcry_md_hd_t md, gcry_md_hd_t md2, strlist_t files, if (!files) { - /* check whether we can open the signed material */ - fp = open_sigfile (sigfilename, pfx); - if (fp) - { - do_hash (md, md2, fp, textmode); - iobuf_close (fp); - release_progress_context (pfx); - return 0; - } + /* Check whether we can open the signed material. We avoid + trying to open a file if run in batch mode. This assumed + data file for a sig file feature is just a convenience thing + for the command line and the user needs to read possible + warning messages. */ + if (!opt.batch) + { + fp = open_sigfile (sigfilename, pfx); + if (fp) + { + do_hash (md, md2, fp, textmode); + iobuf_close (fp); + release_progress_context (pfx); + return 0; + } + } log_error (_("no signed data\n")); release_progress_context (pfx); return gpg_error (GPG_ERR_NO_DATA); commit 22748338da9a78d20aefe3656ba40b0f9d34a681 Author: Werner Koch Date: Thu Nov 13 17:01:17 2014 +0100 gpg: Fix a missing LF in debug output. * g10/kbnode.c (dump_kbnode): Print a LF. Signed-off-by: Werner Koch diff --git a/g10/kbnode.c b/g10/kbnode.c index ad66f8a..3337e01 100644 --- a/g10/kbnode.c +++ b/g10/kbnode.c 
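Review bot: get_matching_datafile reports a match only when `access (fname, R_OK)` succeeds, so a data file that exists but is not readable is treated like a missing one, and the "not a detached signature" warning that check_sig_and_print bases on this helper is skipped. open_sigfile checks the result of `iobuf_open` itself, so an existence test looks sufficient for both callers: `if (access (fname, F_OK))`. The header comment could also state that the result must be released with `xfree`, that pipe file names yield NULL, and that the suffixes recognised are sig, sign and asc (the retained comment on open_sigfile names only two of them). open_sigfile's closing brace lies outside the hunk.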
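Review bot: The rewritten header comment of hash_datafiles says that stdin is hashed when FILES is NULL, but the `if (!files)` branch changed in the following hunk only tries `open_sigfile (sigfilename, pfx)` outside batch mode and otherwise logs "no signed data" and returns `GPG_ERR_NO_DATA`. I would word the second sentence to match the visible code, for example `If FILES is NULL, the data file matching SIGFILENAME is hashed unless in batch mode; without one GPG_ERR_NO_DATA is returned.` The batch-mode guard itself agrees with the commit description. The rest of the function lies outside both hunks.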
@@ -424,6 +424,8 @@ dump_kbnode (KBNODE node) pk->flags.valid? 'v':'.', pk->flags.mdc? 'm':'.'); } + else + log_printf ("\n"); log_flush (); } commit 63c651441579e63b7f846d2adebe8983a352f1d6 Author: Werner Koch Date: Thu Nov 13 13:00:46 2014 +0100 gpg: Re-indent two files. -- diff --git a/g10/mainproc.c b/g10/mainproc.c index 19f1aac..bc186d3 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1,7 +1,6 @@ /* mainproc.c - handle packets - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, - * 2008, 2009 Free Software Foundation, Inc. - * Copyright (C) 2013, 2014 Werner Koch + * Copyright (C) 1998-2009 Free Software Foundation, Inc. + * Copyright (C) 2013-2014 Werner Koch * * This file is part of GnuPG. * @@ -47,16 +46,18 @@ #define MAX_NESTING_DEPTH 32 -struct kidlist_item { - struct kidlist_item *next; - u32 kid[2]; - int pubkey_algo; - int reason; +/* An object to build a list of keyid related info. */ +struct kidlist_item +{ + struct kidlist_item *next; + u32 kid[2]; + int pubkey_algo; + int reason; }; -/**************** - * Structure to hold the context +/* + * Object to hold the processing context. */ typedef struct mainproc_context *CTX; struct mainproc_context @@ -90,8 +91,8 @@ struct mainproc_context DEK *dek; int last_was_session_key; - KBNODE list; /* The current list of packets. */ - IOBUF iobuf; /* Used to get the filename etc. */ + kbnode_t list; /* The current list of packets. */ + iobuf_t iobuf; /* Used to get the filename etc. */ int trustletter; /* Temporary usage in list_node. */ ulong symkeys; struct kidlist_item *pkenc_list; /* List of encryption packets. */ 
@@ -104,135 +105,150 @@ struct mainproc_context }; -static int do_proc_packets( CTX c, IOBUF a ); -static void list_node( CTX c, KBNODE node ); -static void proc_tree( CTX c, KBNODE node ); +/*** Local prototypes. ***/ +static int do_proc_packets (CTX c, iobuf_t a); +static void list_node (CTX c, kbnode_t node); +static void proc_tree (CTX c, kbnode_t node); static int literals_seen; + +/*** Functions. ***/ + + void reset_literals_seen(void) { - literals_seen=0; + literals_seen = 0; } + static void release_list( CTX c ) { - if( !c->list ) - return; - proc_tree(c, c->list ); - release_kbnode( c->list ); - while( c->pkenc_list ) { - struct kidlist_item *tmp = c->pkenc_list->next; - xfree( c->pkenc_list ); - c->pkenc_list = tmp; + if (!c->list) + return; + proc_tree (c, c->list); + release_kbnode (c->list); + while (c->pkenc_list) + { + struct kidlist_item *tmp = c->pkenc_list->next; + xfree (c->pkenc_list); + c->pkenc_list = tmp; } - c->pkenc_list = NULL; - c->list = NULL; - c->any.data = 0; - c->any.uncompress_failed = 0; - c->last_was_session_key = 0; - xfree(c->dek); c->dek = NULL; + c->pkenc_list = NULL; + c->list = NULL; + c->any.data = 0; + c->any.uncompress_failed = 0; + c->last_was_session_key = 0; + xfree (c->dek); + c->dek = NULL; } static int -add_onepass_sig( CTX c, PACKET *pkt ) +add_onepass_sig (CTX c, PACKET *pkt) { - KBNODE node; + kbnode_t node; - if ( c->list ) /* add another packet */ - add_kbnode( c->list, new_kbnode( pkt )); - else /* insert the first one */ - c->list = node = new_kbnode( pkt ); + if (c->list) /* Add another packet. */ + add_kbnode (c->list, new_kbnode (pkt)); + else /* Insert the first one. */ + c->list = node = new_kbnode (pkt); return 1; } static int -add_gpg_control( CTX c, PACKET *pkt ) +add_gpg_control (CTX c, PACKET *pkt) { - if ( pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START ) { - /* New clear text signature. 
- * Process the last one and reset everything */ - release_list(c); + if ( pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START ) + { + /* New clear text signature. + * Process the last one and reset everything */ + release_list(c); } - if( c->list ) /* add another packet */ - add_kbnode( c->list, new_kbnode( pkt )); - else /* insert the first one */ - c->list = new_kbnode( pkt ); + if (c->list) /* Add another packet. */ + add_kbnode (c->list, new_kbnode (pkt)); + else /* Insert the first one. */ + c->list = new_kbnode (pkt); - return 1; + return 1; } - static int -add_user_id( CTX c, PACKET *pkt ) +add_user_id (CTX c, PACKET *pkt) { - if( !c->list ) { - log_error("orphaned user ID\n" ); - return 0; + if (!c->list) + { + log_error ("orphaned user ID\n"); + return 0; } - add_kbnode( c->list, new_kbnode( pkt ) ); - return 1; + add_kbnode (c->list, new_kbnode (pkt)); + return 1; } + static int -add_subkey( CTX c, PACKET *pkt ) +add_subkey (CTX c, PACKET *pkt) { - if( !c->list ) { - log_error("subkey w/o mainkey\n" ); - return 0; + if (!c->list) + { + log_error ("subkey w/o mainkey\n"); + return 0; } - add_kbnode( c->list, new_kbnode( pkt ) ); - return 1; + add_kbnode (c->list, new_kbnode (pkt)); + return 1; } + static int -add_ring_trust( CTX c, PACKET *pkt ) +add_ring_trust (CTX c, PACKET *pkt) { - if( !c->list ) { - log_error("ring trust w/o key\n" ); - return 0; + if (!c->list) + { + log_error ("ring trust w/o key\n"); + return 0; } - add_kbnode( c->list, new_kbnode( pkt ) ); - return 1; + add_kbnode (c->list, new_kbnode (pkt)); + return 1; } static int -add_signature( CTX c, PACKET *pkt ) +add_signature (CTX c, PACKET *pkt) { - KBNODE node; - - c->any.sig_seen = 1; - if( pkt->pkttype == PKT_SIGNATURE && !c->list ) { - /* This is the first signature for the following datafile. - * GPG does not write such packets; instead it always uses - * onepass-sig packets. 
The drawback of PGP's method - * of prepending the signature to the data is - * that it is not possible to make a signature from data read - * from stdin. (GPG is able to read PGP stuff anyway.) */ - node = new_kbnode( pkt ); - c->list = node; - return 1; + kbnode_t node; + + c->any.sig_seen = 1; + if (pkt->pkttype == PKT_SIGNATURE && !c->list) + { + /* This is the first signature for the following datafile. + * GPG does not write such packets; instead it always uses + * onepass-sig packets. The drawback of PGP's method + * of prepending the signature to the data is + * that it is not possible to make a signature from data read + * from stdin. (GPG is able to read PGP stuff anyway.) */ + node = new_kbnode (pkt); + c->list = node; + return 1; } - else if( !c->list ) - return 0; /* oops (invalid packet sequence)*/ - else if( !c->list->pkt ) - BUG(); /* so nicht */ - - /* add a new signature node id at the end */ - node = new_kbnode( pkt ); - add_kbnode( c->list, node ); - return 1; + else if (!c->list) + return 0; /* oops (invalid packet sequence)*/ + else if (!c->list->pkt) + BUG(); /* so nicht */ + + /* Add a new signature node item at the end. */ + node = new_kbnode (pkt); + add_kbnode (c->list, node); + + return 1; } static int -symkey_decrypt_seskey( DEK *dek, byte *seskey, size_t slen ) +symkey_decrypt_seskey (DEK *dek, byte *seskey, size_t slen) { gcry_cipher_hd_t hd; 
@@ -267,132 +283,137 @@ symkey_decrypt_seskey( DEK *dek, byte *seskey, size_t slen ) return 0; } + static void -proc_symkey_enc( CTX c, PACKET *pkt ) +proc_symkey_enc (CTX c, PACKET *pkt) { - PKT_symkey_enc *enc; + PKT_symkey_enc *enc; - enc = pkt->pkt.symkey_enc; - if (!enc) - log_error ("invalid symkey encrypted packet\n"); - else if(!c->dek) - { - int algo = enc->cipher_algo; - const char *s = openpgp_cipher_algo_name (algo); - - if (!openpgp_cipher_test_algo (algo)) - { - if(!opt.quiet) - { - if(enc->seskeylen) - log_info(_("%s encrypted session key\n"), s ); - else - log_info(_("%s encrypted data\n"), s ); - } - } - else - log_error(_("encrypted with unknown algorithm %d\n"), algo ); - - if(openpgp_md_test_algo (enc->s2k.hash_algo)) - { - log_error(_("passphrase generated with unknown digest" - " algorithm %d\n"),enc->s2k.hash_algo); - s=NULL; - } - - c->last_was_session_key = 2; - if(!s || opt.list_only) - goto leave; - - if(opt.override_session_key) - { - c->dek = xmalloc_clear( sizeof *c->dek ); - if(get_override_session_key(c->dek, opt.override_session_key)) - { - xfree(c->dek); - c->dek = NULL; - } - } - else - { - c->dek = passphrase_to_dek (NULL, 0, algo, &enc->s2k, 3, - NULL, NULL); - if(c->dek) - { - c->dek->symmetric=1; - - /* FIXME: This doesn't work perfectly if a symmetric - key comes before a public key in the message - if - the user doesn't know the passphrase, then there is - a chance that the "decrypted" algorithm will happen - to be a valid one, which will make the returned dek - appear valid, so we won't try any public keys that - come later. 
*/ - if(enc->seskeylen) - { - if(symkey_decrypt_seskey(c->dek, enc->seskey, - enc->seskeylen)) - { - xfree(c->dek); - c->dek=NULL; - } - } - else - c->dek->algo_info_printed = 1; - } - } - } + enc = pkt->pkt.symkey_enc; + if (!enc) + log_error ("invalid symkey encrypted packet\n"); + else if(!c->dek) + { + int algo = enc->cipher_algo; + const char *s = openpgp_cipher_algo_name (algo); + + if (!openpgp_cipher_test_algo (algo)) + { + if (!opt.quiet) + { + if (enc->seskeylen) + log_info (_("%s encrypted session key\n"), s ); + else + log_info (_("%s encrypted data\n"), s ); + } + } + else + log_error (_("encrypted with unknown algorithm %d\n"), algo); + + if (openpgp_md_test_algo (enc->s2k.hash_algo)) + { + log_error(_("passphrase generated with unknown digest" + " algorithm %d\n"),enc->s2k.hash_algo); + s = NULL; + } + + c->last_was_session_key = 2; + if (!s || opt.list_only) + goto leave; + + if (opt.override_session_key) + { + c->dek = xmalloc_clear (sizeof *c->dek); + if (get_override_session_key (c->dek, opt.override_session_key)) + { + xfree (c->dek); + c->dek = NULL; + } + } + else + { + c->dek = passphrase_to_dek (NULL, 0, algo, &enc->s2k, 3, NULL, NULL); + if (c->dek) + { + c->dek->symmetric = 1; + + /* FIXME: This doesn't work perfectly if a symmetric key + comes before a public key in the message - if the + user doesn't know the passphrase, then there is a + chance that the "decrypted" algorithm will happen to + be a valid one, which will make the returned dek + appear valid, so we won't try any public keys that + come later. 
*/ + if (enc->seskeylen) + { + if (symkey_decrypt_seskey (c->dek, + enc->seskey, enc->seskeylen)) + { + xfree (c->dek); + c->dek = NULL; + } + } + else + c->dek->algo_info_printed = 1; + } + } + } leave: - c->symkeys++; - free_packet(pkt); + c->symkeys++; + free_packet (pkt); } + static void -proc_pubkey_enc( CTX c, PACKET *pkt ) +proc_pubkey_enc (CTX c, PACKET *pkt) { - PKT_pubkey_enc *enc; - int result = 0; - - /* check whether the secret key is available and store in this case */ - c->last_was_session_key = 1; - enc = pkt->pkt.pubkey_enc; - /*printf("enc: encrypted by a pubkey with keyid %08lX\n", enc->keyid[1] );*/ - /* Hmmm: why do I have this algo check here - anyway there is - * function to check it. */ - if( opt.verbose ) - log_info(_("public key is %s\n"), keystr(enc->keyid) ); - - if( is_status_enabled() ) { - char buf[50]; - /* FIXME: For ECC support we need to map the OpenPGP algo - number to the Libgcrypt definef one. This is due a - chicken-egg problem: We need to have code in libgcrypt for - a new algorithm so to implement a proposed new algorithm - before the IANA will finally assign an OpenPGP - indentifier. */ - snprintf (buf, sizeof buf, "%08lX%08lX %d 0", - (ulong)enc->keyid[0], (ulong)enc->keyid[1], enc->pubkey_algo ); - write_status_text( STATUS_ENC_TO, buf ); + PKT_pubkey_enc *enc; + int result = 0; + + /* Check whether the secret key is available and store in this case. */ + c->last_was_session_key = 1; + enc = pkt->pkt.pubkey_enc; + /*printf("enc: encrypted by a pubkey with keyid %08lX\n", enc->keyid[1] );*/ + /* Hmmm: why do I have this algo check here - anyway there is + * function to check it. */ + if (opt.verbose) + log_info (_("public key is %s\n"), keystr (enc->keyid)); + + if (is_status_enabled()) + { + char buf[50]; + /* FIXME: For ECC support we need to map the OpenPGP algo number + to the Libgcrypt defined one. 
This is due a chicken-egg + problem: We need to have code in Libgcrypt for a new + algorithm so to implement a proposed new algorithm before the + IANA will finally assign an OpenPGP indentifier. */ + snprintf (buf, sizeof buf, "%08lX%08lX %d 0", + (ulong)enc->keyid[0], (ulong)enc->keyid[1], enc->pubkey_algo); + write_status_text (STATUS_ENC_TO, buf); } - if( !opt.list_only && opt.override_session_key ) { - /* It does not make much sense to store the session key in - * secure memory because it has already been passed on the - * command line and the GCHQ knows about it. */ - c->dek = xmalloc_clear( sizeof *c->dek ); - result = get_override_session_key ( c->dek, opt.override_session_key ); - if ( result ) { - xfree(c->dek); c->dek = NULL; + if (!opt.list_only && opt.override_session_key) + { + /* It does not make much sense to store the session key in + * secure memory because it has already been passed on the + * command line and the GCHQ knows about it. */ + c->dek = xmalloc_clear (sizeof *c->dek); + result = get_override_session_key (c->dek, opt.override_session_key); + if (result) + { + xfree (c->dek); + c->dek = NULL; } } - else if( is_ELGAMAL(enc->pubkey_algo) - || enc->pubkey_algo == PUBKEY_ALGO_DSA - || enc->pubkey_algo == PUBKEY_ALGO_ECDSA - || enc->pubkey_algo == PUBKEY_ALGO_EDDSA - || enc->pubkey_algo == PUBKEY_ALGO_ECDH - || is_RSA(enc->pubkey_algo) - || enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL) { + else if (is_ELGAMAL(enc->pubkey_algo) + || enc->pubkey_algo == PUBKEY_ALGO_DSA + || enc->pubkey_algo == PUBKEY_ALGO_ECDSA + || enc->pubkey_algo == PUBKEY_ALGO_EDDSA + || enc->pubkey_algo == PUBKEY_ALGO_ECDH + || is_RSA (enc->pubkey_algo) + || enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL) + { /* Note that we also allow type 20 Elgamal keys for decryption. There are still a couple of those keys in active use as a subkey. */ 
@@ -400,341 +421,352 @@ proc_pubkey_enc( CTX c, PACKET *pkt ) /* FIXME: Store this all in a list and process it later so that we can prioritize what key to use. This gives a better user experience if wildcard keyids are used. */ - if ( !c->dek && ((!enc->keyid[0] && !enc->keyid[1]) - || opt.try_all_secrets - || have_secret_key_with_kid (enc->keyid)) ) { - if( opt.list_only ) - result = -1; - else { - c->dek = xmalloc_secure_clear( sizeof *c->dek ); - if( (result = get_session_key( enc, c->dek )) ) { - /* error: delete the DEK */ - xfree(c->dek); c->dek = NULL; + if (!c->dek && ((!enc->keyid[0] && !enc->keyid[1]) + || opt.try_all_secrets + || have_secret_key_with_kid (enc->keyid))) + { + if(opt.list_only) + result = -1; + else + { + c->dek = xmalloc_secure_clear (sizeof *c->dek); + if ((result = get_session_key (enc, c->dek))) + { + /* Error: Delete the DEK. */ + xfree (c->dek); + c->dek = NULL; } } } - else - result = G10ERR_NO_SECKEY; + else + result = G10ERR_NO_SECKEY; } - else - result = G10ERR_PUBKEY_ALGO; + else + result = G10ERR_PUBKEY_ALGO; - if( result == -1 ) - ; - else - { - /* store it for later display */ - struct kidlist_item *x = xmalloc( sizeof *x ); - x->kid[0] = enc->keyid[0]; - x->kid[1] = enc->keyid[1]; - x->pubkey_algo = enc->pubkey_algo; - x->reason = result; - x->next = c->pkenc_list; - c->pkenc_list = x; - - if( !result && opt.verbose > 1 ) - log_info( _("public key encrypted data: good DEK\n") ); - } + if (result == -1) + ; + else + { + /* Store it for later display. */ + struct kidlist_item *x = xmalloc (sizeof *x); + x->kid[0] = enc->keyid[0]; + x->kid[1] = enc->keyid[1]; + x->pubkey_algo = enc->pubkey_algo; + x->reason = result; + x->next = c->pkenc_list; + c->pkenc_list = x; + + if (!result && opt.verbose > 1) + log_info (_("public key encrypted data: good DEK\n")); + } - free_packet(pkt); + free_packet(pkt); } - -/**************** +/* * Print the list of public key encrypted packets which we could * not decrypt. 
*/ static void -print_pkenc_list( struct kidlist_item *list, int failed ) +print_pkenc_list (struct kidlist_item *list, int failed) { - for( ; list; list = list->next ) { - PKT_public_key *pk; - const char *algstr; + for (; list; list = list->next) + { + PKT_public_key *pk; + const char *algstr; - if ( failed && !list->reason ) - continue; - if ( !failed && list->reason ) - continue; + if (failed && !list->reason) + continue; + if (!failed && list->reason) + continue; + + algstr = openpgp_pk_algo_name (list->pubkey_algo); + pk = xmalloc_clear (sizeof *pk); + + if (!algstr) + algstr = "[?]"; + pk->pubkey_algo = list->pubkey_algo; + if (!get_pubkey (pk, list->kid)) + { + char *p; + log_info (_("encrypted with %u-bit %s key, ID %s, created %s\n"), + nbits_from_pk (pk), algstr, keystr_from_pk(pk), + strtimestamp (pk->timestamp)); + p = get_user_id_native (list->kid); + log_printf (_(" \"%s\"\n"), p); + xfree (p); + } + else + log_info (_("encrypted with %s key, ID %s\n"), + algstr, keystr(list->kid)); - algstr = openpgp_pk_algo_name ( list->pubkey_algo ); - pk = xmalloc_clear( sizeof *pk ); - - if( !algstr ) - algstr = "[?]"; - pk->pubkey_algo = list->pubkey_algo; - if( !get_pubkey( pk, list->kid ) ) - { - char *p; - log_info( _("encrypted with %u-bit %s key, ID %s, created %s\n"), - nbits_from_pk( pk ), algstr, keystr_from_pk(pk), - strtimestamp(pk->timestamp) ); - p=get_user_id_native(list->kid); - log_printf (_(" \"%s\"\n"),p); - xfree(p); - } - else - log_info(_("encrypted with %s key, ID %s\n"), - algstr,keystr(list->kid)); - - free_public_key( pk ); - - if( list->reason == G10ERR_NO_SECKEY ) { - if( is_status_enabled() ) { - char buf[20]; - snprintf (buf, sizeof buf, "%08lX%08lX", - (ulong)list->kid[0], (ulong)list->kid[1]); - write_status_text( STATUS_NO_SECKEY, buf ); + free_public_key (pk); + + if (list->reason == G10ERR_NO_SECKEY) + { + if (is_status_enabled()) + { + char buf[20]; + snprintf (buf, sizeof buf, "%08lX%08lX", + (ulong)list->kid[0], 
(ulong)list->kid[1]); + write_status_text (STATUS_NO_SECKEY, buf); } } - else if (list->reason) - { - log_info(_("public key decryption failed: %s\n"), - g10_errstr(list->reason)); - write_status_error ("pkdecrypt_failed", list->reason); - } + else if (list->reason) + { + log_info (_("public key decryption failed: %s\n"), + g10_errstr(list->reason)); + write_status_error ("pkdecrypt_failed", list->reason); + } } } static void -proc_encrypted( CTX c, PACKET *pkt ) +proc_encrypted (CTX c, PACKET *pkt) { - int result = 0; + int result = 0; - if (!opt.quiet) - { - if(c->symkeys>1) - log_info(_("encrypted with %lu passphrases\n"),c->symkeys); - else if(c->symkeys==1) - log_info(_("encrypted with 1 passphrase\n")); - print_pkenc_list ( c->pkenc_list, 1 ); - print_pkenc_list ( c->pkenc_list, 0 ); - } + if (!opt.quiet) + { + if (c->symkeys>1) + log_info (_("encrypted with %lu passphrases\n"), c->symkeys); + else if (c->symkeys == 1) + log_info (_("encrypted with 1 passphrase\n")); + print_pkenc_list ( c->pkenc_list, 1 ); + print_pkenc_list ( c->pkenc_list, 0 ); + } - /* FIXME: Figure out the session key by looking at all pkenc packets. */ - - - write_status( STATUS_BEGIN_DECRYPTION ); - - /*log_debug("dat: %sencrypted data\n", c->dek?"":"conventional ");*/ - if( opt.list_only ) - result = -1; - else if( !c->dek && !c->last_was_session_key ) { - int algo; - STRING2KEY s2kbuf, *s2k = NULL; - - if(opt.override_session_key) - { - c->dek = xmalloc_clear( sizeof *c->dek ); - result=get_override_session_key(c->dek, opt.override_session_key); - if(result) - { - xfree(c->dek); - c->dek = NULL; - } - } - else - { - /* Assume this is old style conventional encrypted data. */ - algo = opt.def_cipher_algo; - if ( algo ) - log_info (_("assuming %s encrypted data\n"), + /* FIXME: Figure out the session key by looking at all pkenc packets. 
*/ + + write_status (STATUS_BEGIN_DECRYPTION); + + /*log_debug("dat: %sencrypted data\n", c->dek?"":"conventional ");*/ + if (opt.list_only) + result = -1; + else if (!c->dek && !c->last_was_session_key) + { + int algo; + STRING2KEY s2kbuf; + STRING2KEY *s2k = NULL; + + if (opt.override_session_key) + { + c->dek = xmalloc_clear (sizeof *c->dek); + result = get_override_session_key (c->dek, opt.override_session_key); + if (result) + { + xfree (c->dek); + c->dek = NULL; + } + } + else + { + /* Assume this is old style conventional encrypted data. */ + algo = opt.def_cipher_algo; + if (algo) + log_info (_("assuming %s encrypted data\n"), + openpgp_cipher_algo_name (algo)); + else if (openpgp_cipher_test_algo (CIPHER_ALGO_IDEA)) + { + algo = opt.def_cipher_algo; + if (!algo) + algo = opt.s2k_cipher_algo; + log_info (_("IDEA cipher unavailable, " + "optimistically attempting to use %s instead\n"), openpgp_cipher_algo_name (algo)); - else if ( openpgp_cipher_test_algo (CIPHER_ALGO_IDEA) ) - { - algo = opt.def_cipher_algo; - if (!algo) - algo = opt.s2k_cipher_algo; - log_info (_("IDEA cipher unavailable, " - "optimistically attempting to use %s instead\n"), - openpgp_cipher_algo_name (algo)); - } - else - { - algo = CIPHER_ALGO_IDEA; - if (!opt.s2k_digest_algo) - { - /* If no digest is given we assume SHA-1. */ - s2kbuf.mode = 0; - s2kbuf.hash_algo = DIGEST_ALGO_SHA1; - s2k = &s2kbuf; - } - log_info (_("assuming %s encrypted data\n"), "IDEA"); - } - - c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 3, NULL, NULL ); - if (c->dek) - c->dek->algo_info_printed = 1; - } + } + else + { + algo = CIPHER_ALGO_IDEA; + if (!opt.s2k_digest_algo) + { + /* If no digest is given we assume SHA-1. 
*/ + s2kbuf.mode = 0; + s2kbuf.hash_algo = DIGEST_ALGO_SHA1; + s2k = &s2kbuf; + } + log_info (_("assuming %s encrypted data\n"), "IDEA"); + } + + c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 3, NULL, NULL ); + if (c->dek) + c->dek->algo_info_printed = 1; + } } - else if( !c->dek ) - result = G10ERR_NO_SECKEY; - - if (!result) - result = decrypt_data (c->ctrl, c, pkt->pkt.encrypted, c->dek ); - - if( result == -1 ) - ; - else if( !result || (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE - && opt.ignore_mdc_error)) { - write_status( STATUS_DECRYPTION_OKAY ); - if( opt.verbose > 1 ) - log_info(_("decryption okay\n")); - if( pkt->pkt.encrypted->mdc_method && !result ) - write_status( STATUS_GOODMDC ); - else if(!opt.no_mdc_warn) - log_info (_("WARNING: message was not integrity protected\n")); + else if( !c->dek ) + result = G10ERR_NO_SECKEY; + + if (!result) + result = decrypt_data (c->ctrl, c, pkt->pkt.encrypted, c->dek ); + + if (result == -1) + ; + else if (!result || (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE + && opt.ignore_mdc_error)) + { + write_status (STATUS_DECRYPTION_OKAY); + if (opt.verbose > 1) + log_info(_("decryption okay\n")); + if (pkt->pkt.encrypted->mdc_method && !result) + write_status (STATUS_GOODMDC); + else if (!opt.no_mdc_warn) + log_info (_("WARNING: message was not integrity protected\n")); } - else if( result == G10ERR_BAD_SIGN ) { - glo_ctrl.lasterr = result; - log_error(_("WARNING: encrypted message has been manipulated!\n")); - write_status( STATUS_BADMDC ); - write_status( STATUS_DECRYPTION_FAILED ); + else if (result == G10ERR_BAD_SIGN) + { + glo_ctrl.lasterr = result; + log_error (_("WARNING: encrypted message has been manipulated!\n")); + write_status (STATUS_BADMDC); + write_status (STATUS_DECRYPTION_FAILED); } - else { - if (gpg_err_code (result) == GPG_ERR_BAD_KEY - && *c->dek->s2k_cacheid != '\0') - { - log_debug(_("cleared passphrase cached with ID: %s\n"), - c->dek->s2k_cacheid); - passphrase_clear_cache (NULL, 
c->dek->s2k_cacheid, 0); - } - glo_ctrl.lasterr = result; - write_status( STATUS_DECRYPTION_FAILED ); - log_error(_("decryption failed: %s\n"), g10_errstr(result)); - /* Hmmm: does this work when we have encrypted using multiple - * ways to specify the session key (symmmetric and PK)*/ + else + { + if (gpg_err_code (result) == GPG_ERR_BAD_KEY + && *c->dek->s2k_cacheid != '\0') + { + log_debug (_("cleared passphrase cached with ID: %s\n"), + c->dek->s2k_cacheid); + passphrase_clear_cache (NULL, c->dek->s2k_cacheid, 0); + } + glo_ctrl.lasterr = result; + write_status (STATUS_DECRYPTION_FAILED); + log_error (_("decryption failed: %s\n"), g10_errstr(result)); + /* Hmmm: does this work when we have encrypted using multiple + * ways to specify the session key (symmmetric and PK). */ } - xfree(c->dek); c->dek = NULL; - free_packet(pkt); - c->last_was_session_key = 0; - write_status( STATUS_END_DECRYPTION ); + + xfree (c->dek); + c->dek = NULL; + free_packet (pkt); + c->last_was_session_key = 0; + write_status (STATUS_END_DECRYPTION); } static void proc_plaintext( CTX c, PACKET *pkt ) { - PKT_plaintext *pt = pkt->pkt.plaintext; - int any, clearsig, rc; - KBNODE n; - - literals_seen++; - - if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) ) - log_info(_("Note: sender requested \"for-your-eyes-only\"\n")); - else if( opt.verbose ) - log_info(_("original file name='%.*s'\n"), pt->namelen, pt->name); - free_md_filter_context( &c->mfx ); - if (gcry_md_open (&c->mfx.md, 0, 0)) - BUG (); - /* fixme: we may need to push the textfilter if we have sigclass 1 - * and no armoring - Not yet tested - * Hmmm, why don't we need it at all if we have sigclass 1 - * Should we assume that plaintext in mode 't' has always sigclass 1?? 
- * See: Russ Allbery's mail 1999-02-09 - */ - any = clearsig = 0; - for(n=c->list; n; n = n->next ) - { - if( n->pkt->pkttype == PKT_ONEPASS_SIG ) - { - /* For the onepass signature case */ - if( n->pkt->pkt.onepass_sig->digest_algo ) - { - gcry_md_enable (c->mfx.md, - n->pkt->pkt.onepass_sig->digest_algo); - any = 1; - } - } - else if( n->pkt->pkttype == PKT_GPG_CONTROL - && n->pkt->pkt.gpg_control->control - == CTRLPKT_CLEARSIGN_START ) - { - /* For the clearsigned message case */ - size_t datalen = n->pkt->pkt.gpg_control->datalen; - const byte *data = n->pkt->pkt.gpg_control->data; - - /* check that we have at least the sigclass and one hash */ - if ( datalen < 2 ) - log_fatal("invalid control packet CTRLPKT_CLEARSIGN_START\n"); - /* Note that we don't set the clearsig flag for not-dash-escaped - * documents */ - clearsig = (*data == 0x01); - for( data++, datalen--; datalen; datalen--, data++ ) - gcry_md_enable (c->mfx.md, *data); - any = 1; - break; /* Stop here as one-pass signature packets are not - expected. */ - } - else if(n->pkt->pkttype==PKT_SIGNATURE) - { - /* For the SIG+LITERAL case that PGP used to use. */ - gcry_md_enable ( c->mfx.md, n->pkt->pkt.signature->digest_algo ); - any=1; - } - } + PKT_plaintext *pt = pkt->pkt.plaintext; + int any, clearsig, rc; + kbnode_t n; - if( !any && !opt.skip_verify ) - { - /* This is for the old GPG LITERAL+SIG case. It's not legal - according to 2440, so hopefully it won't come up that - often. There is no good way to specify what algorithms to - use in that case, so these three are the historical - answer. 
*/ - gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 ); - gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 ); - } - if ( DBG_HASHING ) { - gcry_md_debug ( c->mfx.md, "verify" ); - if ( c->mfx.md2 ) - gcry_md_debug ( c->mfx.md2, "verify2" ); + literals_seen++; + + if (pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8)) + log_info (_("Note: sender requested \"for-your-eyes-only\"\n")); + else if (opt.verbose) + log_info (_("original file name='%.*s'\n"), pt->namelen, pt->name); + + free_md_filter_context (&c->mfx); + if (gcry_md_open (&c->mfx.md, 0, 0)) + BUG (); + /* fixme: we may need to push the textfilter if we have sigclass 1 + * and no armoring - Not yet tested + * Hmmm, why don't we need it at all if we have sigclass 1 + * Should we assume that plaintext in mode 't' has always sigclass 1?? + * See: Russ Allbery's mail 1999-02-09 + */ + any = clearsig = 0; + for (n=c->list; n; n = n->next ) + { + if (n->pkt->pkttype == PKT_ONEPASS_SIG) + { + /* The onepass signature case. */ + if (n->pkt->pkt.onepass_sig->digest_algo) + { + gcry_md_enable (c->mfx.md, n->pkt->pkt.onepass_sig->digest_algo); + any = 1; + } + } + else if (n->pkt->pkttype == PKT_GPG_CONTROL + && n->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START) + { + /* The clearsigned message case. */ + size_t datalen = n->pkt->pkt.gpg_control->datalen; + const byte *data = n->pkt->pkt.gpg_control->data; + + /* Check that we have at least the sigclass and one hash. */ + if (datalen < 2) + log_fatal ("invalid control packet CTRLPKT_CLEARSIGN_START\n"); + /* Note that we don't set the clearsig flag for not-dash-escaped + * documents. */ + clearsig = (*data == 0x01); + for (data++, datalen--; datalen; datalen--, data++) + gcry_md_enable (c->mfx.md, *data); + any = 1; + break; /* Stop here as one-pass signature packets are not + expected. */ + } + else if (n->pkt->pkttype == PKT_SIGNATURE) + { + /* The SIG+LITERAL case that PGP used to use. 
*/ + gcry_md_enable ( c->mfx.md, n->pkt->pkt.signature->digest_algo ); + any = 1; + } } - rc=0; + if (!any && !opt.skip_verify) + { + /* This is for the old GPG LITERAL+SIG case. It's not legal + according to 2440, so hopefully it won't come up that often. + There is no good way to specify what algorithms to use in + that case, so these there are the historical answer. */ + gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160); + gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1); + } + if (DBG_HASHING) + { + gcry_md_debug (c->mfx.md, "verify"); + if (c->mfx.md2) + gcry_md_debug (c->mfx.md2, "verify2"); + } - if (literals_seen>1) - { - log_info (_("WARNING: multiple plaintexts seen\n")); - - if (!opt.flags.allow_multiple_messages) - { - write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA"); - log_inc_errorcount (); - rc = gpg_error (GPG_ERR_UNEXPECTED); - } - } + rc=0; - if(!rc) - { - rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig ); - if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only ) - { - /* Can't write output but we hash it anyway to check the - signature. */ - rc = handle_plaintext( pt, &c->mfx, 1, clearsig ); - } - } + if (literals_seen > 1) + { + log_info (_("WARNING: multiple plaintexts seen\n")); - if( rc ) - log_error( "handle plaintext failed: %s\n", g10_errstr(rc)); - free_packet(pkt); - c->last_was_session_key = 0; - - /* We add a marker control packet instead of the plaintext packet. - * This is so that we can later detect invalid packet sequences. 
- */ - n = new_kbnode (create_gpg_control (CTRLPKT_PLAINTEXT_MARK, NULL, 0)); - if (c->list) - add_kbnode (c->list, n); - else - c->list = n; + if (!opt.flags.allow_multiple_messages) + { + write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA"); + log_inc_errorcount (); + rc = gpg_error (GPG_ERR_UNEXPECTED); + } + } + + if (!rc) + { + rc = handle_plaintext (pt, &c->mfx, c->sigs_only, clearsig); + if (gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only) + { + /* Can't write output but we hash it anyway to check the + signature. */ + rc = handle_plaintext( pt, &c->mfx, 1, clearsig ); + } + } + + if (rc) + log_error ("handle plaintext failed: %s\n", g10_errstr(rc)); + + free_packet(pkt); + c->last_was_session_key = 0; + + /* We add a marker control packet instead of the plaintext packet. + * This is so that we can later detect invalid packet sequences. */ + n = new_kbnode (create_gpg_control (CTRLPKT_PLAINTEXT_MARK, NULL, 0)); + if (c->list) + add_kbnode (c->list, n); + else + c->list = n; } static int -proc_compressed_cb( IOBUF a, void *info ) +proc_compressed_cb (iobuf_t a, void *info) { if ( ((CTX)info)->signed_data.used && ((CTX)info)->signed_data.data_fd != -1) @@ -746,15 +778,17 @@ proc_compressed_cb( IOBUF a, void *info ) ((CTX)info)->sigfilename ); } + static int -proc_encrypt_cb (IOBUF a, void *info ) +proc_encrypt_cb (iobuf_t a, void *info ) { CTX c = info; return proc_encryption_packets (c->ctrl, info, a ); } + static int -proc_compressed( CTX c, PACKET *pkt ) +proc_compressed (CTX c, PACKET *pkt) { PKT_compressed *zd = pkt->pkt.compressed; int rc; 
@@ -786,123 +820,135 @@ proc_compressed( CTX c, PACKET *pkt ) return rc; } -/**************** + +/* * check the signature * Returns: 0 = valid signature or an error code */ static int -do_check_sig( CTX c, KBNODE node, int *is_selfsig, - int *is_expkey, int *is_revkey ) +do_check_sig (CTX c, kbnode_t node, int *is_selfsig, + int *is_expkey, int *is_revkey) { - PKT_signature *sig; - gcry_md_hd_t md = NULL, md2 = NULL; - int algo, rc; - - assert( node->pkt->pkttype == PKT_SIGNATURE ); - if( is_selfsig ) - *is_selfsig = 0; - sig = node->pkt->pkt.signature; - - algo = sig->digest_algo; - rc = openpgp_md_test_algo(algo); - if (rc) - return rc; - - if( sig->sig_class == 0x00 ) { - if( c->mfx.md ) - { - if (gcry_md_copy (&md, c->mfx.md )) - BUG (); - } - else /* detached signature */ - { - /* signature_check() will enable the md*/ - if (gcry_md_open (&md, 0, 0 )) - BUG (); - } + PKT_signature *sig; + gcry_md_hd_t md = NULL; + gcry_md_hd_t md2 = NULL; + int algo, rc; + + assert (node->pkt->pkttype == PKT_SIGNATURE); + if (is_selfsig) + *is_selfsig = 0; + sig = node->pkt->pkt.signature; + + algo = sig->digest_algo; + rc = openpgp_md_test_algo (algo); + if (rc) + return rc; + + if (sig->sig_class == 0x00) + { + if (c->mfx.md) + { + if (gcry_md_copy (&md, c->mfx.md )) + BUG (); + } + else /* detached signature */ + { + /* signature_check() will enable the md. */ + if (gcry_md_open (&md, 0, 0 )) + BUG (); + } } - else if( sig->sig_class == 0x01 ) { - /* how do we know that we have to hash the (already hashed) text - * in canonical mode ??? (calculating both modes???) */ - if( c->mfx.md ) { - if (gcry_md_copy (&md, c->mfx.md )) - BUG (); - if( c->mfx.md2 && gcry_md_copy (&md2, c->mfx.md2 )) - BUG (); + else if (sig->sig_class == 0x01) + { + /* How do we know that we have to hash the (already hashed) text + in canonical mode ??? (calculating both modes???) 
*/ + if (c->mfx.md) + { + if (gcry_md_copy (&md, c->mfx.md )) + BUG (); + if (c->mfx.md2 && gcry_md_copy (&md2, c->mfx.md2)) + BUG (); } - else { /* detached signature */ - log_debug("Do we really need this here?"); - /* signature_check() will enable the md*/ - if (gcry_md_open (&md, 0, 0 )) - BUG (); - if (gcry_md_open (&md2, 0, 0 )) - BUG (); + else /* detached signature */ + { + log_debug ("Do we really need this here?"); + /* signature_check() will enable the md*/ + if (gcry_md_open (&md, 0, 0 )) + BUG (); + if (gcry_md_open (&md2, 0, 0 )) + BUG (); } } - else if( (sig->sig_class&~3) == 0x10 - || sig->sig_class == 0x18 - || sig->sig_class == 0x1f - || sig->sig_class == 0x20 - || sig->sig_class == 0x28 - || sig->sig_class == 0x30 ) { - if( c->list->pkt->pkttype == PKT_PUBLIC_KEY - || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { - return check_key_signature( c->list, node, is_selfsig ); + else if ((sig->sig_class&~3) == 0x10 + || sig->sig_class == 0x18 + || sig->sig_class == 0x1f + || sig->sig_class == 0x20 + || sig->sig_class == 0x28 + || sig->sig_class == 0x30) + { + if (c->list->pkt->pkttype == PKT_PUBLIC_KEY + || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY) + { + return check_key_signature( c->list, node, is_selfsig ); } - else if( sig->sig_class == 0x20 ) { - log_error (_("standalone revocation - " - "use \"gpg --import\" to apply\n")); - return G10ERR_NOT_PROCESSED; + else if (sig->sig_class == 0x20) + { + log_error (_("standalone revocation - " + "use \"gpg --import\" to apply\n")); + return G10ERR_NOT_PROCESSED; } - else { - log_error("invalid root packet for sigclass %02x\n", - sig->sig_class); - return G10ERR_SIG_CLASS; + else + { + log_error ("invalid root packet for sigclass %02x\n", sig->sig_class); + return G10ERR_SIG_CLASS; } } - else - return G10ERR_SIG_CLASS; - rc = signature_check2( sig, md, NULL, is_expkey, is_revkey, NULL ); - if( gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2 ) - rc = signature_check2( sig, md2, NULL, is_expkey, 
is_revkey, NULL ); - gcry_md_close(md); - gcry_md_close(md2); + else + return G10ERR_SIG_CLASS; - return rc; + rc = signature_check2 (sig, md, NULL, is_expkey, is_revkey, NULL); + if (gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2) + rc = signature_check2 (sig, md2, NULL, is_expkey, is_revkey, NULL); + + gcry_md_close (md); + gcry_md_close (md2); + + return rc; } static void -print_userid( PACKET *pkt ) +print_userid (PACKET *pkt) { - if( !pkt ) - BUG(); - if( pkt->pkttype != PKT_USER_ID ) { - printf("ERROR: unexpected packet type %d", pkt->pkttype ); - return; + if (!pkt) + BUG(); + + if (pkt->pkttype != PKT_USER_ID) + { + printf ("ERROR: unexpected packet type %d", pkt->pkttype ); + return; } - if( opt.with_colons ) - { - if(pkt->pkt.user_id->attrib_data) - printf("%u %lu", - pkt->pkt.user_id->numattribs, - pkt->pkt.user_id->attrib_len); - else - es_write_sanitized (es_stdout, pkt->pkt.user_id->name, - pkt->pkt.user_id->len, ":", NULL); - } - else - print_utf8_buffer (es_stdout, pkt->pkt.user_id->name, - pkt->pkt.user_id->len ); + if (opt.with_colons) + { + if (pkt->pkt.user_id->attrib_data) + printf("%u %lu", + pkt->pkt.user_id->numattribs, + pkt->pkt.user_id->attrib_len); + else + es_write_sanitized (es_stdout, pkt->pkt.user_id->name, + pkt->pkt.user_id->len, ":", NULL); + } + else + print_utf8_buffer (es_stdout, pkt->pkt.user_id->name, + pkt->pkt.user_id->len ); } -/**************** - * List the certificate in a user friendly way +/* + * List the keyblock in a user friendly way */ - static void -list_node( CTX c, KBNODE node ) +list_node (CTX c, kbnode_t node) { int mainkey; char pkstrbuf[PUBKEY_STRING_SIZE]; 
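Review bot: print_userid writes through two different output layers: the unexpected-packet message and the attribute branch use plain `printf`, while the user ID itself goes to `es_stdout` via `es_write_sanitized` and `print_utf8_buffer`. The two streams buffer independently, so the `%u %lu` attribute fields in `--with-colons` output may appear out of order relative to the estream output around them; how the rest of the record is written is outside this hunk, so this needs confirming against the callers. Since these lines are being re-indented anyway, send them to the same stream, e.g. `es_printf ("%u %lu", pkt->pkt.user_id->numattribs, pkt->pkt.user_id->attrib_len);`, and do the same for the error message. Frontends parse the colon listing, so a reordered record is more than a cosmetic problem.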
@@ -1104,66 +1150,64 @@ list_node( CTX c, KBNODE node ) } - int -proc_packets (ctrl_t ctrl, void *anchor, IOBUF a ) +proc_packets (ctrl_t ctrl, void *anchor, iobuf_t a ) { - int rc; - CTX c = xmalloc_clear( sizeof *c ); + int rc; + CTX c = xmalloc_clear (sizeof *c); - c->ctrl = ctrl; - c->anchor = anchor; - rc = do_proc_packets( c, a ); - xfree( c ); - return rc; -} + c->ctrl = ctrl; + c->anchor = anchor; + rc = do_proc_packets (c, a); + xfree (c); + return rc; +} int -proc_signature_packets (ctrl_t ctrl, void *anchor, IOBUF a, +proc_signature_packets (ctrl_t ctrl, void *anchor, iobuf_t a, strlist_t signedfiles, const char *sigfilename ) { - CTX c = xmalloc_clear( sizeof *c ); - int rc; - - c->ctrl = ctrl; - c->anchor = anchor; - c->sigs_only = 1; - - c->signed_data.data_fd = -1; - c->signed_data.data_names = signedfiles; - c->signed_data.used = !!signedfiles; - - c->sigfilename = sigfilename; - rc = do_proc_packets( c, a ); - - /* If we have not encountered any signature we print an error - messages, send a NODATA status back and return an error code. - Using log_error is required because verify_files does not check - error codes for each file but we want to terminate the process - with an error. */ - if (!rc && !c->any.sig_seen) - { - write_status_text (STATUS_NODATA, "4"); - log_error (_("no signature found\n")); - rc = G10ERR_NO_DATA; - } + CTX c = xmalloc_clear (sizeof *c); + int rc; + + c->ctrl = ctrl; + c->anchor = anchor; + c->sigs_only = 1; - /* Propagate the signature seen flag upward. Do this only on - success so that we won't issue the nodata status several - times. 
*/ - if (!rc && c->anchor && c->any.sig_seen) - c->anchor->any.sig_seen = 1; + c->signed_data.data_fd = -1; + c->signed_data.data_names = signedfiles; + c->signed_data.used = !!signedfiles; - xfree( c ); - return rc; + c->sigfilename = sigfilename; + rc = do_proc_packets ( c, a ); + + /* If we have not encountered any signature we print an error + messages, send a NODATA status back and return an error code. + Using log_error is required because verify_files does not check + error codes for each file but we want to terminate the process + with an error. */ + if (!rc && !c->any.sig_seen) + { + write_status_text (STATUS_NODATA, "4"); + log_error (_("no signature found\n")); + rc = G10ERR_NO_DATA; + } + + /* Propagate the signature seen flag upward. Do this only on success + so that we won't issue the nodata status several times. */ + if (!rc && c->anchor && c->any.sig_seen) + c->anchor->any.sig_seen = 1; + + xfree (c); + return rc; } int proc_signature_packets_by_fd (ctrl_t ctrl, - void *anchor, IOBUF a, int signed_data_fd ) + void *anchor, iobuf_t a, int signed_data_fd ) { int rc; CTX c; @@ -1205,17 +1249,17 @@ proc_signature_packets_by_fd (ctrl_t ctrl, int -proc_encryption_packets (ctrl_t ctrl, void *anchor, IOBUF a ) +proc_encryption_packets (ctrl_t ctrl, void *anchor, iobuf_t a ) { - CTX c = xmalloc_clear( sizeof *c ); - int rc; - - c->ctrl = ctrl; - c->anchor = anchor; - c->encrypt_only = 1; - rc = do_proc_packets( c, a ); - xfree( c ); - return rc; + CTX c = xmalloc_clear (sizeof *c); + int rc; + + c->ctrl = ctrl; + c->anchor = anchor; + c->encrypt_only = 1; + rc = do_proc_packets (c, a); + xfree (c); + return rc; } 
@@ -1233,152 +1277,168 @@ check_nesting (CTX c) write_status_text (STATUS_UNEXPECTED, "1"); return GPG_ERR_BAD_DATA; } + return 0; } static int -do_proc_packets( CTX c, IOBUF a ) +do_proc_packets (CTX c, iobuf_t a) { - PACKET *pkt; - int rc = 0; - int any_data = 0; - int newpkt; - - rc = check_nesting (c); - if (rc) - return rc; - - pkt = xmalloc( sizeof *pkt ); - c->iobuf = a; - init_packet(pkt); - while( (rc=parse_packet(a, pkt)) != -1 ) { - any_data = 1; - if( rc ) { - free_packet(pkt); - /* stop processing when an invalid packet has been encountered - * but don't do so when we are doing a --list-packets. */ - if (gpg_err_code (rc) == GPG_ERR_INV_PACKET - && opt.list_packets != 2 ) - break; - continue; + PACKET *pkt; + int rc = 0; + int any_data = 0; + int newpkt; + + rc = check_nesting (c); + if (rc) + return rc; + + pkt = xmalloc( sizeof *pkt ); + c->iobuf = a; + init_packet(pkt); + while ((rc=parse_packet(a, pkt)) != -1) + { + any_data = 1; + if (rc) + { + free_packet (pkt); + /* Stop processing when an invalid packet has been encountered + * but don't do so when we are doing a --list-packets. 
*/ + if (gpg_err_code (rc) == GPG_ERR_INV_PACKET + && opt.list_packets != 2 ) + break; + continue; } - newpkt = -1; - if( opt.list_packets ) { - switch( pkt->pkttype ) { - case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break; - case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break; - case PKT_ENCRYPTED: - case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break; - case PKT_COMPRESSED: rc = proc_compressed( c, pkt ); break; - default: newpkt = 0; break; + newpkt = -1; + if (opt.list_packets) + { + switch (pkt->pkttype) + { + case PKT_PUBKEY_ENC: proc_pubkey_enc (c, pkt); break; + case PKT_SYMKEY_ENC: proc_symkey_enc (c, pkt); break; + case PKT_ENCRYPTED: + case PKT_ENCRYPTED_MDC: proc_encrypted (c, pkt); break; + case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break; + default: newpkt = 0; break; } } - else if( c->sigs_only ) { - switch( pkt->pkttype ) { - case PKT_PUBLIC_KEY: - case PKT_SECRET_KEY: - case PKT_USER_ID: - case PKT_SYMKEY_ENC: - case PKT_PUBKEY_ENC: - case PKT_ENCRYPTED: - case PKT_ENCRYPTED_MDC: - write_status_text( STATUS_UNEXPECTED, "0" ); - rc = G10ERR_UNEXPECTED; - goto leave; - case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break; - case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break; - case PKT_COMPRESSED: rc = proc_compressed( c, pkt ); break; - case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break; - case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break; - default: newpkt = 0; break; + else if (c->sigs_only) + { + switch (pkt->pkttype) + { + case PKT_PUBLIC_KEY: + case PKT_SECRET_KEY: + case PKT_USER_ID: + case PKT_SYMKEY_ENC: + case PKT_PUBKEY_ENC: + case PKT_ENCRYPTED: + case PKT_ENCRYPTED_MDC: + write_status_text( STATUS_UNEXPECTED, "0" ); + rc = G10ERR_UNEXPECTED; + goto leave; + + case PKT_SIGNATURE: newpkt = add_signature (c, pkt); break; + case PKT_PLAINTEXT: proc_plaintext (c, pkt); break; + case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break; + case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, 
pkt); break; + case PKT_GPG_CONTROL: newpkt = add_gpg_control (c, pkt); break; + default: newpkt = 0; break; } } - else if( c->encrypt_only ) { - switch( pkt->pkttype ) { - case PKT_PUBLIC_KEY: - case PKT_SECRET_KEY: - case PKT_USER_ID: - write_status_text( STATUS_UNEXPECTED, "0" ); - rc = G10ERR_UNEXPECTED; - goto leave; - case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break; - case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break; - case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break; - case PKT_ENCRYPTED: - case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break; - case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break; - case PKT_COMPRESSED: rc = proc_compressed( c, pkt ); break; - case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break; - case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break; - default: newpkt = 0; break; + else if (c->encrypt_only) + { + switch (pkt->pkttype) + { + case PKT_PUBLIC_KEY: + case PKT_SECRET_KEY: + case PKT_USER_ID: + write_status_text (STATUS_UNEXPECTED, "0"); + rc = G10ERR_UNEXPECTED; + goto leave; + + case PKT_SIGNATURE: newpkt = add_signature (c, pkt); break; + case PKT_SYMKEY_ENC: proc_symkey_enc (c, pkt); break; + case PKT_PUBKEY_ENC: proc_pubkey_enc (c, pkt); break; + case PKT_ENCRYPTED: + case PKT_ENCRYPTED_MDC: proc_encrypted (c, pkt); break; + case PKT_PLAINTEXT: proc_plaintext (c, pkt); break; + case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break; + case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break; + case PKT_GPG_CONTROL: newpkt = add_gpg_control (c, pkt); break; + default: newpkt = 0; break; } } - else { - switch( pkt->pkttype ) { - case PKT_PUBLIC_KEY: - case PKT_SECRET_KEY: - release_list( c ); - c->list = new_kbnode( pkt ); - newpkt = 1; - break; - case PKT_PUBLIC_SUBKEY: - case PKT_SECRET_SUBKEY: - newpkt = add_subkey( c, pkt ); - break; - case PKT_USER_ID: newpkt = add_user_id( c, pkt ); break; - case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break; - case 
PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break; - case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break; - case PKT_ENCRYPTED: - case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break; - case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break; - case PKT_COMPRESSED: rc = proc_compressed( c, pkt ); break; - case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break; - case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break; - case PKT_RING_TRUST: newpkt = add_ring_trust( c, pkt ); break; - default: newpkt = 0; break; + else + { + switch (pkt->pkttype) + { + case PKT_PUBLIC_KEY: + case PKT_SECRET_KEY: + release_list (c); + c->list = new_kbnode (pkt); + newpkt = 1; + break; + case PKT_PUBLIC_SUBKEY: + case PKT_SECRET_SUBKEY: + newpkt = add_subkey (c, pkt); + break; + case PKT_USER_ID: newpkt = add_user_id (c, pkt); break; + case PKT_SIGNATURE: newpkt = add_signature (c, pkt); break; + case PKT_PUBKEY_ENC: proc_pubkey_enc (c, pkt); break; + case PKT_SYMKEY_ENC: proc_symkey_enc (c, pkt); break; + case PKT_ENCRYPTED: + case PKT_ENCRYPTED_MDC: proc_encrypted (c, pkt); break; + case PKT_PLAINTEXT: proc_plaintext (c, pkt); break; + case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break; + case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break; + case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break; + case PKT_RING_TRUST: newpkt = add_ring_trust (c, pkt); break; + default: newpkt = 0; break; } } - if (rc) - goto leave; - - /* This is a very ugly construct and frankly, I don't remember why - * I used it. Adding the MDC check here is a hack. - * The right solution is to initiate another context for encrypted - * packet and not to reuse the current one ... It works right - * when there is a compression packet inbetween which adds just - * an extra layer. - * Hmmm: Rewrite this whole module here?? 
- */ - if( pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC ) - c->any.data = (pkt->pkttype == PKT_PLAINTEXT); - - if( newpkt == -1 ) - ; - else if( newpkt ) { - pkt = xmalloc( sizeof *pkt ); - init_packet(pkt); + if (rc) + goto leave; + + /* This is a very ugly construct and frankly, I don't remember why + * I used it. Adding the MDC check here is a hack. + * The right solution is to initiate another context for encrypted + * packet and not to reuse the current one ... It works right + * when there is a compression packet inbetween which adds just + * an extra layer. + * Hmmm: Rewrite this whole module here?? + */ + if (pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC) + c->any.data = (pkt->pkttype == PKT_PLAINTEXT); + + if (newpkt == -1) + ; + else if (newpkt) + { + pkt = xmalloc (sizeof *pkt); + init_packet (pkt); } - else - free_packet(pkt); + else + free_packet(pkt); } - if( rc == G10ERR_INVALID_PACKET ) - write_status_text( STATUS_NODATA, "3" ); - if( any_data ) - rc = 0; - else if( rc == -1 ) - write_status_text( STATUS_NODATA, "2" ); - - - leave: - release_list( c ); - xfree(c->dek); - free_packet( pkt ); - xfree( pkt ); - free_md_filter_context( &c->mfx ); - return rc; + + if (rc == G10ERR_INVALID_PACKET) + write_status_text (STATUS_NODATA, "3"); + + if (any_data) + rc = 0; + else if (rc == -1) + write_status_text (STATUS_NODATA, "2"); + + + leave: + release_list (c); + xfree(c->dek); + free_packet (pkt); + xfree (pkt); + free_md_filter_context (&c->mfx); + return rc; } @@ -1476,7 +1536,7 @@ print_good_bad_signature (int statno, const char *keyid_str, kbnode_t un, static int -check_sig_and_print (CTX c, KBNODE node) +check_sig_and_print (CTX c, kbnode_t node) { PKT_signature *sig = node->pkt->pkt.signature; const char *astr; @@ -1520,7 +1580,7 @@ check_sig_and_print (CTX c, KBNODE node) introduce a bug here. */ { - KBNODE n; + kbnode_t n; int n_onepass, n_sig; /* log_debug ("checking signature packet composition\n"); */ 
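Review bot: The post-loop test in do_proc_packets, `if (rc == G10ERR_INVALID_PACKET)`, compares the raw return value, whereas the break condition inside the loop tests the same situation as `gpg_err_code (rc) == GPG_ERR_INV_PACKET`. If parse_packet returns a value that also carries an error source (not visible here), the raw comparison never matches and the `NODATA 3` status line is not written, so a caller reading the status stream cannot tell that processing stopped on an invalid packet. Use the same form in both places: `if (gpg_err_code (rc) == GPG_ERR_INV_PACKET)`. proc_encrypted in the preceding hunk has the same mix (`gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE` next to `result == G10ERR_BAD_SIGN`), where a mismatch would route a failed integrity check to the generic failure branch and skip `STATUS_BADMDC`.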
@@ -1975,206 +2035,231 @@ check_sig_and_print (CTX c, KBNODE node) } -/**************** +/* * Process the tree which starts at node */ static void -proc_tree( CTX c, KBNODE node ) +proc_tree (CTX c, kbnode_t node) { - KBNODE n1; - int rc; - - if( opt.list_packets || opt.list_only ) - return; - - /* we must skip our special plaintext marker packets here becuase - they may be the root packet. These packets are only used in - addionla checks and skipping them here doesn't matter */ - while ( node - && node->pkt->pkttype == PKT_GPG_CONTROL - && node->pkt->pkt.gpg_control->control - == CTRLPKT_PLAINTEXT_MARK ) { - node = node->next; + kbnode_t n1; + int rc; + + if (opt.list_packets || opt.list_only) + return; + + /* We must skip our special plaintext marker packets here because + they may be the root packet. These packets are only used in + addional checks and skipping them here doesn't matter. */ + while (node + && node->pkt->pkttype == PKT_GPG_CONTROL + && node->pkt->pkt.gpg_control->control == CTRLPKT_PLAINTEXT_MARK) + { + node = node->next; } - if (!node) - return; + if (!node) + return; - c->trustletter = ' '; - if( node->pkt->pkttype == PKT_PUBLIC_KEY - || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { - merge_keys_and_selfsig( node ); - list_node( c, node ); + c->trustletter = ' '; + if (node->pkt->pkttype == PKT_PUBLIC_KEY + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY) + { + merge_keys_and_selfsig (node); + list_node (c, node); } - else if( node->pkt->pkttype == PKT_SECRET_KEY ) { - merge_keys_and_selfsig( node ); - list_node( c, node ); + else if (node->pkt->pkttype == PKT_SECRET_KEY) + { + merge_keys_and_selfsig (node); + list_node (c, node); } - else if( node->pkt->pkttype == PKT_ONEPASS_SIG ) { - /* check all signatures */ - if( !c->any.data ) { - int use_textmode = 0; - - free_md_filter_context( &c->mfx ); - /* prepare to create all requested message digests */ - if (gcry_md_open (&c->mfx.md, 0, 0)) - BUG (); - - /* fixme: why looking for the signature packet 
and not the - one-pass packet? */ - for ( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); ) - { - gcry_md_enable (c->mfx.md, - n1->pkt->pkt.signature->digest_algo); - } - - if (n1 && n1->pkt->pkt.onepass_sig->sig_class == 0x01) - use_textmode = 1; - - /* Ask for file and hash it. */ - if( c->sigs_only ) { - if (c->signed_data.used && c->signed_data.data_fd != -1) - rc = hash_datafile_by_fd (c->mfx.md, NULL, - c->signed_data.data_fd, - use_textmode); - else - rc = hash_datafiles (c->mfx.md, NULL, - c->signed_data.data_names, - c->sigfilename, - use_textmode ); + else if (node->pkt->pkttype == PKT_ONEPASS_SIG) + { + /* Check all signatures. */ + if (!c->any.data) + { + int use_textmode = 0; + + free_md_filter_context (&c->mfx); + /* Prepare to create all requested message digests. */ + if (gcry_md_open (&c->mfx.md, 0, 0)) + BUG (); + + /* Fixme: why looking for the signature packet and not the + one-pass packet? */ + for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));) + gcry_md_enable (c->mfx.md, n1->pkt->pkt.signature->digest_algo); + + if (n1 && n1->pkt->pkt.onepass_sig->sig_class == 0x01) + use_textmode = 1; + + /* Ask for file and hash it. 
*/ + if (c->sigs_only) + { + if (c->signed_data.used && c->signed_data.data_fd != -1) + rc = hash_datafile_by_fd (c->mfx.md, NULL, + c->signed_data.data_fd, + use_textmode); + else + rc = hash_datafiles (c->mfx.md, NULL, + c->signed_data.data_names, + c->sigfilename, + use_textmode); } - else { - rc = ask_for_detached_datafile (c->mfx.md, c->mfx.md2, - iobuf_get_real_fname(c->iobuf), - use_textmode ); + else + { + rc = ask_for_detached_datafile (c->mfx.md, c->mfx.md2, + iobuf_get_real_fname (c->iobuf), + use_textmode); } - if( rc ) { - log_error("can't hash datafile: %s\n", g10_errstr(rc)); - return; + + if (rc) + { + log_error ("can't hash datafile: %s\n", g10_errstr (rc)); + return; } } - else if ( c->signed_data.used ) { - log_error (_("not a detached signature\n") ); - return; + else if (c->signed_data.used) + { + log_error (_("not a detached signature\n")); + return; } - for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); ) - check_sig_and_print( c, n1 ); + for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));) + check_sig_and_print (c, n1); + } - else if( node->pkt->pkttype == PKT_GPG_CONTROL - && node->pkt->pkt.gpg_control->control - == CTRLPKT_CLEARSIGN_START ) { - /* clear text signed message */ - if( !c->any.data ) { - log_error("cleartext signature without data\n" ); - return; + else if (node->pkt->pkttype == PKT_GPG_CONTROL + && node->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START) + { + /* Clear text signed message. 
*/ + if (!c->any.data) + { + log_error ("cleartext signature without data\n"); + return; } - else if ( c->signed_data.used ) { - log_error (_("not a detached signature\n") ); - return; + else if (c->signed_data.used) + { + log_error (_("not a detached signature\n")); + return; } - for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); ) - check_sig_and_print( c, n1 ); + for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));) + check_sig_and_print (c, n1); + } - else if( node->pkt->pkttype == PKT_SIGNATURE ) { - PKT_signature *sig = node->pkt->pkt.signature; - int multiple_ok=1; - - n1=find_next_kbnode(node, PKT_SIGNATURE); - if(n1) - { - byte class=sig->sig_class; - byte hash=sig->digest_algo; - - for(; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE))) - { - /* We can't currently handle multiple signatures of - different classes or digests (we'd pretty much have - to run a different hash context for each), but if - they are all the same, make an exception. */ - if(n1->pkt->pkt.signature->sig_class!=class - || n1->pkt->pkt.signature->digest_algo!=hash) - { - multiple_ok=0; - log_info(_("WARNING: multiple signatures detected. " - "Only the first will be checked.\n")); - break; - } - } - } - - if( sig->sig_class != 0x00 && sig->sig_class != 0x01 ) - log_info(_("standalone signature of class 0x%02x\n"), - sig->sig_class); - else if( !c->any.data ) { - /* detached signature */ - free_md_filter_context( &c->mfx ); - if (gcry_md_open (&c->mfx.md, sig->digest_algo, 0)) - BUG (); - - if (RFC2440 || RFC4880) - ; /* Strict RFC mode. */ - else if( sig->digest_algo == DIGEST_ALGO_SHA1 - && sig->pubkey_algo == PUBKEY_ALGO_DSA - && sig->sig_class == 0x01 ) { - /* Enable a workaround for a pgp5 bug when the - * detached signature has been created in textmode. 
*/ + else if (node->pkt->pkttype == PKT_SIGNATURE) + { + PKT_signature *sig = node->pkt->pkt.signature; + int multiple_ok = 1; + + n1 = find_next_kbnode (node, PKT_SIGNATURE); + if (n1) + { + byte class = sig->sig_class; + byte hash = sig->digest_algo; + + for (; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE))) + { + /* We can't currently handle multiple signatures of + different classes or digests (we'd pretty much have + to run a different hash context for each), but if + they are all the same, make an exception. */ + if (n1->pkt->pkt.signature->sig_class != class + || n1->pkt->pkt.signature->digest_algo != hash) + { + multiple_ok = 0; + log_info (_("WARNING: multiple signatures detected. " + "Only the first will be checked.\n")); + break; + } + } + } + + if (sig->sig_class != 0x00 && sig->sig_class != 0x01) + { + log_info(_("standalone signature of class 0x%02x\n"), sig->sig_class); + } + else if (!c->any.data) + { + /* Detached signature */ + free_md_filter_context (&c->mfx); + if (gcry_md_open (&c->mfx.md, sig->digest_algo, 0)) + BUG (); + + if (RFC2440 || RFC4880) + ; /* Strict RFC mode. */ + else if (sig->digest_algo == DIGEST_ALGO_SHA1 + && sig->pubkey_algo == PUBKEY_ALGO_DSA + && sig->sig_class == 0x01) + { + /* Enable a workaround for a pgp5 bug when the detached + * signature has been created in textmode. */ if (gcry_md_open (&c->mfx.md2, sig->digest_algo, 0 )) BUG (); } - /* Here we used to have another hack to work around a pgp - * 2 bug: It worked by not using the textmode for detached - * signatures; this would let the first signature check - * (on md) fail but the second one (on md2), which adds an - * extra CR would then have produced the "correct" hash. - * This is very, very ugly hack but it may haved help in - * some cases (and break others). - * c->mfx.md2? 
0 :(sig->sig_class == 0x01) - */ - - if ( DBG_HASHING ) { - gcry_md_debug( c->mfx.md, "verify" ); - if ( c->mfx.md2 ) - gcry_md_debug( c->mfx.md2, "verify2" ); + /* Here we used to have another hack to work around a pgp + * 2 bug: It worked by not using the textmode for detached + * signatures; this would let the first signature check + * (on md) fail but the second one (on md2), which adds an + * extra CR would then have produced the "correct" hash. + * This is very, very ugly hack but it may haved help in + * some cases (and break others). + * c->mfx.md2? 0 :(sig->sig_class == 0x01) + */ + + if (DBG_HASHING) + { + gcry_md_debug (c->mfx.md, "verify"); + if (c->mfx.md2) + gcry_md_debug (c->mfx.md2, "verify2"); } - if( c->sigs_only ) { - if (c->signed_data.used && c->signed_data.data_fd != -1) - rc = hash_datafile_by_fd (c->mfx.md, c->mfx.md2, - c->signed_data.data_fd, - (sig->sig_class == 0x01)); - else - rc = hash_datafiles (c->mfx.md, c->mfx.md2, - c->signed_data.data_names, - c->sigfilename, - (sig->sig_class == 0x01)); + + if (c->sigs_only) + { + if (c->signed_data.used && c->signed_data.data_fd != -1) + rc = hash_datafile_by_fd (c->mfx.md, c->mfx.md2, + c->signed_data.data_fd, + (sig->sig_class == 0x01)); + else + rc = hash_datafiles (c->mfx.md, c->mfx.md2, + c->signed_data.data_names, + c->sigfilename, + (sig->sig_class == 0x01)); } - else { - rc = ask_for_detached_datafile( c->mfx.md, c->mfx.md2, - iobuf_get_real_fname(c->iobuf), - (sig->sig_class == 0x01) ); + else + { + rc = ask_for_detached_datafile (c->mfx.md, c->mfx.md2, + iobuf_get_real_fname(c->iobuf), + (sig->sig_class == 0x01)); } - if( rc ) { - log_error("can't hash datafile: %s\n", g10_errstr(rc)); - return; + + if (rc) + { + log_error ("can't hash datafile: %s\n", g10_errstr(rc)); + return; } } - else if ( c->signed_data.used ) { - log_error (_("not a detached signature\n") ); - return; + else if (c->signed_data.used) + { + log_error (_("not a detached signature\n")); + return; + } + else if 
(!opt.quiet) + log_info (_("old style (PGP 2.x) signature\n")); + + if (multiple_ok) + { + for (n1 = node; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE))) + check_sig_and_print (c, n1); } - else if (!opt.quiet) - log_info(_("old style (PGP 2.x) signature\n")); - - if(multiple_ok) - for( n1 = node; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )) ) - check_sig_and_print( c, n1 ); - else - check_sig_and_print( c, node ); + else + check_sig_and_print (c, node); + } - else { - dump_kbnode (c->list); - log_error(_("invalid root packet detected in proc_tree()\n")); - dump_kbnode (node); + else + { + dump_kbnode (c->list); + log_error ("invalid root packet detected in proc_tree()\n"); + dump_kbnode (node); } } diff --git a/g10/openfile.c b/g10/openfile.c index 5a43648..ab27f44 100644 --- a/g10/openfile.c +++ b/g10/openfile.c @@ -59,7 +59,7 @@ /* FIXME: Implement opt.interactive. */ -/**************** +/* * Check whether FNAME exists and ask if it's okay to overwrite an * existing one. * Returns: True: it's okay to overwrite or the file does not exist 
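Review bot: In proc_tree's PKT_ONEPASS_SIG branch (g10/mainproc.c), the test `if (n1 && n1->pkt->pkt.onepass_sig->sig_class == 0x01)` can never be true: the `for` loop just above it ends only when `find_next_kbnode` returns NULL, so `n1` is always NULL at that point and `use_textmode` stays 0. The reformatting carries this over unchanged, right next to the existing Fixme about looking at the signature packet instead of the one-pass packet. If text mode is meant to be honoured when the detached data is hashed in this branch, the class should be read from the root node, which is known to be PKT_ONEPASS_SIG here, e.g. `if (node->pkt->pkt.onepass_sig->sig_class == 0x01)`; otherwise the dead test should be removed. Either choice decides which bytes are hashed for verification, so it belongs in a separate, tested commit rather than in a whitespace change.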
@@ -92,35 +92,37 @@ overwrite_filep( const char *fname ) } -/**************** +/* * Strip known extensions from iname and return a newly allocated * filename. Return NULL if we can't do that. */ char * -make_outfile_name( const char *iname ) +make_outfile_name (const char *iname) { - size_t n; - - if ( iobuf_is_pipe_filename (iname) ) - return xstrdup("-"); - - n = strlen(iname); - if( n > 4 && ( !CMP_FILENAME(iname+n-4, EXTSEP_S GPGEXT_GPG) - || !CMP_FILENAME(iname+n-4, EXTSEP_S "pgp") - || !CMP_FILENAME(iname+n-4, EXTSEP_S "sig") - || !CMP_FILENAME(iname+n-4, EXTSEP_S "asc") ) ) { - char *buf = xstrdup( iname ); - buf[n-4] = 0; - return buf; + size_t n; + + if (iobuf_is_pipe_filename (iname)) + return xstrdup ("-"); + + n = strlen (iname); + if (n > 4 && (!CMP_FILENAME(iname+n-4, EXTSEP_S GPGEXT_GPG) + || !CMP_FILENAME(iname+n-4, EXTSEP_S "pgp") + || !CMP_FILENAME(iname+n-4, EXTSEP_S "sig") + || !CMP_FILENAME(iname+n-4, EXTSEP_S "asc"))) + { + char *buf = xstrdup (iname); + buf[n-4] = 0; + return buf; } - else if( n > 5 && !CMP_FILENAME(iname+n-5, EXTSEP_S "sign") ) { - char *buf = xstrdup( iname ); - buf[n-5] = 0; - return buf; + else if (n > 5 && !CMP_FILENAME(iname+n-5, EXTSEP_S "sign")) + { + char *buf = xstrdup (iname); + buf[n-5] = 0; + return buf; } - log_info(_("%s: unknown suffix\n"), iname ); - return NULL; + log_info (_("%s: unknown suffix\n"), iname); + return NULL; } @@ -168,7 +170,7 @@ ask_outfile_name( const char *name, size_t namelen ) } -/**************** +/* * Make an output filename for the inputfile INAME. * Returns an IOBUF and an errorcode * Mode 0 = use ".gpg" 
@@ -308,117 +310,132 @@ open_outfile (int inp_fd, const char *iname, int mode, int restrictedperm, } -/**************** +/* * Try to open a file without the extension ".sig" or ".asc" * Return NULL if such a file is not available. */ IOBUF open_sigfile( const char *iname, progress_filter_context_t *pfx ) { - IOBUF a = NULL; - size_t len; - - if( !iobuf_is_pipe_filename (iname) ) { - len = strlen(iname); - if( len > 4 && ( !strcmp(iname + len - 4, EXTSEP_S "sig") - || ( len > 5 && !strcmp(iname + len - 5, EXTSEP_S "sign") ) - || !strcmp(iname + len - 4, EXTSEP_S "asc")) ) { - char *buf; - buf = xstrdup(iname); - buf[len-(buf[len-1]=='n'?5:4)] = 0 ; - a = iobuf_open( buf ); - if (a && is_secured_file (iobuf_get_fd (a))) - { - iobuf_close (a); - a = NULL; - gpg_err_set_errno (EPERM); - } - if( a && opt.verbose ) - log_info(_("assuming signed data in '%s'\n"), buf ); - if (a && pfx) - handle_progress (pfx, a, buf); - xfree(buf); + IOBUF a = NULL; + size_t len; + + if (!iobuf_is_pipe_filename (iname)) + { + len = strlen(iname); + if( len > 4 && (!strcmp(iname + len - 4, EXTSEP_S "sig") + || (len > 5 && !strcmp(iname + len - 5, EXTSEP_S "sign")) + || !strcmp(iname + len - 4, EXTSEP_S "asc"))) + { + char *buf; + + buf = xstrdup(iname); + buf[len-(buf[len-1]=='n'?5:4)] = 0 ; + a = iobuf_open( buf ); + if (a && is_secured_file (iobuf_get_fd (a))) + { + iobuf_close (a); + a = NULL; + gpg_err_set_errno (EPERM); + } + if (a && opt.verbose) + log_info (_("assuming signed data in '%s'\n"), buf); + if (a && pfx) + handle_progress (pfx, a, buf); + xfree (buf); } } - return a; + + return a; } + /**************** * Copy the option file skeleton to the given directory. 
*/ static void -copy_options_file( const char *destdir ) +copy_options_file (const char *destdir) { - const char *datadir = gnupg_datadir (); - char *fname; - FILE *src, *dst; - int linefeeds=0; - int c; - mode_t oldmask; - int esc = 0; - int any_option = 0; - - if( opt.dry_run ) - return; - - fname = xmalloc( strlen(datadir) + strlen(destdir) + 15 ); - strcpy(stpcpy(fname, datadir), DIRSEP_S "gpg-conf" SKELEXT ); - src = fopen( fname, "r" ); - if (src && is_secured_file (fileno (src))) - { - fclose (src); - src = NULL; - gpg_err_set_errno (EPERM); - } - if( !src ) { - log_info (_("can't open '%s': %s\n"), fname, strerror(errno) ); - xfree(fname); - return; + const char *datadir = gnupg_datadir (); + char *fname; + FILE *src, *dst; + int linefeeds=0; + int c; + mode_t oldmask; + int esc = 0; + int any_option = 0; + + if (opt.dry_run) + return; + + fname = xmalloc (strlen(datadir) + strlen(destdir) + 15); + strcpy (stpcpy(fname, datadir), DIRSEP_S "gpg-conf" SKELEXT); + src = fopen (fname, "r"); + if (src && is_secured_file (fileno (src))) + { + fclose (src); + src = NULL; + gpg_err_set_errno (EPERM); + } + if (!src) + { + log_info (_("can't open '%s': %s\n"), fname, strerror(errno)); + xfree(fname); + return; } - strcpy(stpcpy(fname, destdir), DIRSEP_S GPGEXT_GPG EXTSEP_S "conf" ); - oldmask=umask(077); - if ( is_secured_filename (fname) ) - { - dst = NULL; - gpg_err_set_errno (EPERM); - } - else - dst = fopen( fname, "w" ); - umask(oldmask); - if( !dst ) { - log_info (_("can't create '%s': %s\n"), fname, strerror(errno) ); - fclose( src ); - xfree(fname); - return; + strcpy (stpcpy (fname, destdir), DIRSEP_S GPGEXT_GPG EXTSEP_S "conf"); + + oldmask = umask (077); + if (is_secured_filename (fname)) + { + dst = NULL; + gpg_err_set_errno (EPERM); + } + else + dst = fopen( fname, "w" ); + umask (oldmask); + + if (!dst) + { + log_info (_("can't create '%s': %s\n"), fname, strerror(errno) ); + fclose (src); + xfree (fname); + return; } - while( (c=getc(src)) != EOF ) { 
- if( linefeeds < 3 ) { - if( c == '\n' ) - linefeeds++; + while ((c = getc (src)) != EOF) + { + if (linefeeds < 3) + { + if (c == '\n') + linefeeds++; } - else { - putc( c, dst ); - if (c== '\n') - esc = 1; - else if (esc == 1) { - if (c == ' ' || c == '\t') - ; - else if (c == '#') - esc = 2; - else - any_option = 1; + else + { + putc (c, dst); + if (c== '\n') + esc = 1; + else if (esc == 1) + { + if (c == ' ' || c == '\t') + ; + else if (c == '#') + esc = 2; + else + any_option = 1; } } } - fclose( dst ); - fclose( src ); - log_info(_("new configuration file '%s' created\n"), fname ); - if (any_option) - log_info (_("WARNING: options in '%s'" - " are not yet active during this run\n"), - fname); - xfree(fname); + + fclose (dst); + fclose (src); + + log_info (_("new configuration file '%s' created\n"), fname); + if (any_option) + log_info (_("WARNING: options in '%s'" + " are not yet active during this run\n"), + fname); + xfree (fname); } ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 26 +- g10/kbnode.c | 2 + g10/main.h | 5 +- g10/mainproc.c | 2001 +++++++++++++++++++++++++++++-------------------------- g10/openfile.c | 271 ++++---- g10/plaintext.c | 31 +- po/de.po | 15 +- po/fr.po | 15 +- po/ja.po | 15 +- po/uk.po | 15 +- 10 files changed, 1305 insertions(+), 1091 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 14 13:31:49 2014 
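Review bot: copy_options_file (g10/openfile.c) logs `new configuration file '%s' created` without checking that the copy succeeded: the results of `putc (c, dst)` and `fclose (dst)` are ignored, so a full disk or an I/O error leaves a truncated configuration file that is still announced as created. Testing `ferror (dst)` before closing and the return value of `fclose (dst)`, and reporting failure through the existing `can't create '%s': %s` message, would close that gap. Separately, `xmalloc (strlen(datadir) + strlen(destdir) + 15)` relies on the literal 15 covering both suffixes built from DIRSEP_S, SKELEXT, GPGEXT_GPG and EXTSEP_S, whose lengths are not visible in this hunk; a one-line comment stating that assumption next to the allocation would help the next reader of the two `strcpy (stpcpy (...))` calls.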
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 14 Nov 2014 13:31:49 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.26-16-ga5ca45e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via a5ca45e6168e75aa6f3743b764d601ab3df966b7 (commit) from da95d0d37841b34e2f3d7047f14ab4d98a7c0c56 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a5ca45e6168e75aa6f3743b764d601ab3df966b7 Author: Werner Koch Date: Fri Nov 14 09:36:19 2014 +0100 gpg: Make the use of "--verify FILE" for detached sigs harder. * g10/openfile.c (open_sigfile): Factor some code out to ... (get_matching_datafile): new function. * g10/plaintext.c (hash_datafiles): Do not try to find matching file in batch mode. * g10/mainproc.c (check_sig_and_print): Print a warning if a possibly matching data file is not used by a standard signatures. -- Allowing to use the abbreviated form for detached signatures is a long standing bug which has only been noticed by the public with the release of 2.1.0. :-( What we do is to remove the ability to check detached signature in --batch using the one file abbreviated mode. This should exhibit problems in scripts which use this insecure practice. We also print a warning if a matching data file exists but was not considered because the detached signature was actually a standard signature: gpgv: Good signature from "Werner Koch (dist sig)" gpgv: WARNING: not a detached signature; \ file 'gnupg-2.1.0.tar.bz2' was NOT verified! 
We can only print a warning because it is possible that a standard signature is indeed to be verified but by coincidence a file with a matching name is stored alongside the standard signature. Reported-by: Simon Nicolussi (to gnupg-users on Nov 7) Signed-off-by: Werner Koch (backported from commit 69384568f66a48eff3968bb1714aa13925580e9f) diff --git a/g10/main.h b/g10/main.h index e97b936..b55a184 100644 --- a/g10/main.h +++ b/g10/main.h @@ -253,7 +253,8 @@ int overwrite_filep( const char *fname ); char *make_outfile_name( const char *iname ); char *ask_outfile_name( const char *name, size_t namelen ); int open_outfile( const char *iname, int mode, iobuf_t *a ); -iobuf_t open_sigfile( const char *iname, progress_filter_context_t *pfx ); +char *get_matching_datafile (const char *sigfilename); +iobuf_t open_sigfile (const char *sigfilename, progress_filter_context_t *pfx); void try_make_homedir( const char *fname ); /*-- seskey.c --*/ diff --git a/g10/mainproc.c b/g10/mainproc.c index 551ab58..3abcb15 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c 
@@ -1959,6 +1959,44 @@ check_sig_and_print( CTX c, KBNODE node ) sig->sig_class==0x01?_("textmode"):_("unknown"), gcry_md_algo_name (sig->digest_algo)); + if (!rc && !c->signed_data.used) + { + /* Signature is basically good but we test whether the + deprecated command + gpg --verify FILE.sig + was used instead of + gpg --verify FILE.sig FILE + to verify a detached signature. If we figure out that a + data file with a matching name exists, we print a warning. + + The problem is that the first form would also verify a + standard signature. This behavior could be used to + create a made up .sig file for a tarball by creating a + standard signature from a valid detached signature packet + (for example from a signed git tag). Then replace the + sig file on the FTP server along with a changed tarball. + Using the first form the verify command would correctly + verify the signature but don't even consider the tarball. */ + kbnode_t n; + char *dfile; + + dfile = get_matching_datafile (c->sigfilename); + if (dfile) + { + for (n = c->list; n; n = n->next) + if (n->pkt->pkttype != PKT_SIGNATURE) + break; + if (n) + { + /* Not only signature packets in the tree thus this + is not a detached signature. */ + log_info (_("WARNING: not a detached signature; " + "file '%s' was NOT verified!\n"), dfile); + } + xfree (dfile); + } + } + if( rc ) g10_errors_seen = 1; if( opt.batch && rc ) diff --git a/g10/openfile.c b/g10/openfile.c index db5cdc2..dc9dfd0 100644 --- a/g10/openfile.c +++ b/g10/openfile.c 
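Review bot: The new warning in check_sig_and_print is emitted only through `log_info`, so a caller that looks at the exit code or the status output still sees an unqualified good signature when a standard signature sits next to a data file that was never hashed. The commit message explains why this cannot be turned into an error, but a machine-readable hint would let frontends and scripts react; consider adding a status line through the existing `write_status_text` path next to the `log_info` call (which status keyword to use is a project decision not visible here). The comment could also say that `get_matching_datafile` only tests for a readable file with the stripped name, so the warning is a heuristic and its absence proves nothing. The same block is added in the STABLE-BRANCH-1-4 backport of this commit. check_sig_and_print begins and ends outside the hunk.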
@@ -287,41 +287,70 @@ open_outfile( const char *iname, int mode, IOBUF *a ) } +/* Find a matching data file for the signature file SIGFILENAME and + return it as a malloced string. If no matching data file is found, + return NULL. */ +char * +get_matching_datafile (const char *sigfilename) +{ + char *fname = NULL; + size_t len; + + if (iobuf_is_pipe_filename (sigfilename)) + return NULL; + + len = strlen (sigfilename); + if (len > 4 + && (!strcmp (sigfilename + len - 4, EXTSEP_S "sig") + || (len > 5 && !strcmp(sigfilename + len - 5, EXTSEP_S "sign")) + || !strcmp(sigfilename + len - 4, EXTSEP_S "asc"))) + { + + fname = xstrdup (sigfilename); + fname[len-(fname[len-1]=='n'?5:4)] = 0 ; + if (access (fname, R_OK )) + { + /* Not found or other error. */ + xfree (fname); + fname = NULL; + } + } + + return fname; +} + + /**************** * Try to open a file without the extension ".sig" or ".asc" * Return NULL if such a file is not available. */ -IOBUF -open_sigfile( const char *iname, progress_filter_context_t *pfx ) +iobuf_t +open_sigfile (const char *sigfilename, progress_filter_context_t *pfx) { - IOBUF a = NULL; - size_t len; - - if( !iobuf_is_pipe_filename (iname) ) { - len = strlen(iname); - if( len > 4 && ( !strcmp(iname + len - 4, EXTSEP_S "sig") - || ( len > 5 && !strcmp(iname + len - 5, EXTSEP_S "sign") ) - || !strcmp(iname + len - 4, EXTSEP_S "asc")) ) { - char *buf; - buf = xstrdup(iname); - buf[len-(buf[len-1]=='n'?5:4)] = 0 ; - a = iobuf_open( buf ); - if (a && is_secured_file (iobuf_get_fd (a))) - { - iobuf_close (a); - a = NULL; - errno = EPERM; - } - if( a && opt.verbose ) - log_info(_("assuming signed data in `%s'\n"), buf ); - if (a && pfx) - handle_progress (pfx, a, buf); - xfree(buf); - } + iobuf_t a = NULL; + char *buf; + + buf = get_matching_datafile (sigfilename); + if (buf) + { + a = iobuf_open (buf); + if (a && is_secured_file (iobuf_get_fd (a))) + { + iobuf_close (a); + a = NULL; + gpg_err_set_errno (EPERM); + } + if (a) + log_info 
(_("assuming signed data in '%s'\n"), buf); + if (a && pfx) + handle_progress (pfx, a, buf); + xfree (buf); } - return a; + + return a; } + /**************** * Copy the option file skeleton to the given directory. */ diff --git a/g10/plaintext.c b/g10/plaintext.c index 3777648..d24c640 100644 --- a/g10/plaintext.c +++ b/g10/plaintext.c @@ -546,17 +546,25 @@ hash_datafiles( gcry_md_hd_t md, gcry_md_hd_t md2, strlist_t files, pfx = new_progress_context (); if( !files ) { - /* check whether we can open the signed material */ - fp = open_sigfile( sigfilename, pfx ); - if( fp ) { - do_hash( md, md2, fp, textmode ); - iobuf_close(fp); - release_progress_context (pfx); - return 0; - } - log_error (_("no signed data\n")); - release_progress_context (pfx); - return gpg_error (GPG_ERR_NO_DATA); + /* Check whether we can open the signed material. We avoid + trying to open a file if run in batch mode. This assumed + data file for a sig file feature is just a convenience thing + for the command line and the user needs to read possible + warning messages. */ + if (!opt.batch) + { + fp = open_sigfile( sigfilename, pfx ); + if( fp ) + { + do_hash( md, md2, fp, textmode ); + iobuf_close(fp); + release_progress_context (pfx); + return 0; + } + } + log_error (_("no signed data\n")); + release_progress_context (pfx); + return gpg_error (GPG_ERR_NO_DATA); } @@ -615,7 +623,7 @@ hash_datafile_by_fd ( gcry_md_hd_t md, gcry_md_hd_t md2, int data_fd, do_hash ( md, md2, fp, textmode); iobuf_close(fp); - + release_progress_context (pfx); return 0; } ----------------------------------------------------------------------- Summary of changes: g10/main.h | 3 +- g10/mainproc.c | 38 +++++++++++++++++++++++++ g10/openfile.c | 83 +++++++++++++++++++++++++++++++++++++------------------ g10/plaintext.c | 32 +++++++++++++-------- 4 files changed, 116 insertions(+), 40 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 14 19:43:46 2014 
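Review bot: The header comment kept above open_sigfile (g10/openfile.c) still says it tries the name without ".sig" or ".asc", but the suffix handling now lives in get_matching_datafile and also strips ".sign"; I would update it to something like `/* Open the data file that get_matching_datafile derives from SIGFILENAME; return NULL if there is none or it cannot be opened. */`. The comment on get_matching_datafile could add that the caller releases the result with xfree and that existence is tested with `access (fname, R_OK)`, so the answer can be stale by the time the file is opened. open_sigfile copes with that because it checks the result of `iobuf_open`, which is worth stating so that nobody later treats a non-NULL name as a guarantee that the data file was read. The same two functions appear in the STABLE-BRANCH-1-4 backport.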
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 14 Nov 2014 19:43:46 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.18-15-gfbb5086 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via fbb50867f81d790c4bf819dcadcd14be6c3f957b (commit) from 42d2474a02aa46e6fecf0e35c067aa0b6481ffbe (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fbb50867f81d790c4bf819dcadcd14be6c3f957b Author: Werner Koch Date: Fri Nov 14 09:36:19 2014 +0100 gpg: Make the use of "--verify FILE" for detached sigs harder. * g10/openfile.c (open_sigfile): Factor some code out to ... (get_matching_datafile): new function. * g10/plaintext.c (hash_datafiles): Do not try to find matching file in batch mode. * g10/mainproc.c (check_sig_and_print): Print a warning if a possibly matching data file is not used by a standard signatures. -- Allowing to use the abbreviated form for detached signatures is a long standing bug which has only been noticed by the public with the release of 2.1.0. :-( What we do is to remove the ability to check detached signature in --batch using the one file abbreviated mode. This should exhibit problems in scripts which use this insecure practice. We also print a warning if a matching data file exists but was not considered because the detached signature was actually a standard signature: gpgv: Good signature from "Werner Koch (dist sig)" gpgv: WARNING: not a detached signature; \ file 'gnupg-2.1.0.tar.bz2' was NOT verified! 
We can only print a warning because it is possible that a standard signature is indeed to be verified but by coincidence a file with a matching name is stored alongside the standard signature. Reported-by: Simon Nicolussi (to gnupg-users on Nov 7) Signed-off-by: Werner Koch (backported from commit 69384568f66a48eff3968bb1714aa13925580e9f) Updated doc/gpg.texi. diff --git a/doc/gpg.texi b/doc/gpg.texi index 728f314..7d08756 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -198,16 +198,22 @@ files which don't begin with an encrypted message. @item --verify @opindex verify -Assume that the first argument is a signed file or a detached signature -and verify it without generating any output. With no arguments, the -signature packet is read from STDIN. If only a sigfile is given, it may -be a complete signature or a detached signature, in which case the -signed stuff is expected in a file without the ".sig" or ".asc" -extension. With more than 1 argument, the first should be a detached -signature and the remaining files are the signed stuff. To read the -signed stuff from STDIN, use @samp{-} as the second filename. For -security reasons a detached signature cannot read the signed material -from STDIN without denoting it in the above way. +Assume that the first argument is a signed file and verify it without +generating any output. With no arguments, the signature packet is +read from STDIN. If only a one argument is given, it is expected to +be a complete signature. + +With more than 1 argument, the first should be a detached signature +and the remaining files ake up the the signed data. To read the signed +data from STDIN, use @samp{-} as the second filename. For security +reasons a detached signature cannot read the signed material from +STDIN without denoting it in the above way. + +Note: If the option @option{--batch} is not used, @command{gpg} +may assume that a single argument is a file with a detached signature +and it will try to find a matching data file by stripping certain +suffixes. Using this historical feature to verify a detached +signature is strongly discouraged; always specify the data file too. Note: When verifying a cleartext signature, @command{gpg} verifies only what makes up the cleartext signed data and not any extra data 
@@ -217,6 +223,7 @@ out the actual signed data; but there are other pitfalls with this format as well. It is suggested to avoid cleartext signatures in favor of detached signatures. + @item --multifile @opindex multifile This modifies certain other commands to accept multiple files for diff --git a/g10/main.h b/g10/main.h index af35c77..05a4059 100644 --- a/g10/main.h +++ b/g10/main.h @@ -195,6 +195,7 @@ int overwrite_filep( const char *fname ); char *make_outfile_name( const char *iname ); char *ask_outfile_name( const char *name, size_t namelen ); int open_outfile( const char *iname, int mode, IOBUF *a ); +char *get_matching_datafile (const char *sigfilename); IOBUF open_sigfile( const char *iname, progress_filter_context_t *pfx ); void try_make_homedir( const char *fname ); diff --git a/g10/mainproc.c b/g10/mainproc.c index 1e140ed..d355a21 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c 
@@ -1940,6 +1940,44 @@ check_sig_and_print( CTX c, KBNODE node ) sig->sig_class==0x01?_("textmode"):_("unknown"), digest_algo_to_string(sig->digest_algo)); + if (!rc && !c->signed_data) + { + /* Signature is basically good but we test whether the + deprecated command + gpg --verify FILE.sig + was used instead of + gpg --verify FILE.sig FILE + to verify a detached signature. If we figure out that a + data file with a matching name exists, we print a warning. + + The problem is that the first form would also verify a + standard signature. This behavior could be used to + create a made up .sig file for a tarball by creating a + standard signature from a valid detached signature packet + (for example from a signed git tag). Then replace the + sig file on the FTP server along with a changed tarball. + Using the first form the verify command would correctly + verify the signature but don't even consider the tarball. */ + kbnode_t n; + char *dfile; + + dfile = get_matching_datafile (c->sigfilename); + if (dfile) + { + for (n = c->list; n; n = n->next) + if (n->pkt->pkttype != PKT_SIGNATURE) + break; + if (n) + { + /* Not only signature packets in the tree thus this + is not a detached signature. */ + log_info (_("WARNING: not a detached signature; " + "file '%s' was NOT verified!\n"), dfile); + } + xfree (dfile); + } + } + if( rc ) g10_errors_seen = 1; if( opt.batch && rc ) diff --git a/g10/openfile.c b/g10/openfile.c index 73fd5db..ac4596b 100644 --- a/g10/openfile.c +++ b/g10/openfile.c @@ -199,7 +199,7 @@ open_outfile( const char *iname, int mode, IOBUF *a ) else { char *buf = NULL; const char *name; - + if ( opt.dry_run ) { #ifdef HAVE_W32_SYSTEM 
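Review bot: The added block in check_sig_and_print declares `kbnode_t n;` while the rest of this branch, including the hunk header's `check_sig_and_print( CTX c, KBNODE node )` and the `IOBUF` prototypes in g10/main.h, uses the upper-case type names. If STABLE-BRANCH-1-4 does not provide the lower-case typedef the backport will not compile, and even if it does, `KBNODE n;` would match the surrounding code. The same applies to `iobuf_t a` in the backported open_sigfile, whose return type is still `IOBUF`. check_sig_and_print begins and ends outside the hunk.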
@@ -224,12 +224,12 @@ open_outfile( const char *iname, int mode, IOBUF *a ) char *dot; const char *newsfx = mode==1 ? ".asc" : mode==2 ? ".sig" : ".gpg"; - + buf = xmalloc(strlen(iname)+4+1); strcpy(buf,iname); dot = strrchr(buf, '.' ); if ( dot && dot > buf && dot[1] && strlen(dot) <= 4 - && CMP_FILENAME(newsfx, dot) + && CMP_FILENAME(newsfx, dot) && !(strchr (dot, '/') || strchr (dot, '\\'))) { /* There is a dot, the dot is not the first character, @@ -272,7 +272,7 @@ open_outfile( const char *iname, int mode, IOBUF *a ) xfree (buf); name = buf = tmp; } - + if( !rc ) { if (is_secured_filename (name) ) 
@@ -300,41 +300,70 @@ open_outfile( const char *iname, int mode, IOBUF *a ) } +/* Find a matching data file for the signature file SIGFILENAME and + return it as a malloced string. If no matching data file is found, + return NULL. */ +char * +get_matching_datafile (const char *sigfilename) +{ + char *fname = NULL; + size_t len; + + if (iobuf_is_pipe_filename (sigfilename)) + return NULL; + + len = strlen (sigfilename); + if (len > 4 + && (!strcmp (sigfilename + len - 4, EXTSEP_S "sig") + || (len > 5 && !strcmp(sigfilename + len - 5, EXTSEP_S "sign")) + || !strcmp(sigfilename + len - 4, EXTSEP_S "asc"))) + { + + fname = xstrdup (sigfilename); + fname[len-(fname[len-1]=='n'?5:4)] = 0 ; + if (access (fname, R_OK )) + { + /* Not found or other error. */ + xfree (fname); + fname = NULL; + } + } + + return fname; +} + + /**************** * Try to open a file without the extension ".sig" or ".asc" * Return NULL if such a file is not available. */ IOBUF -open_sigfile( const char *iname, progress_filter_context_t *pfx ) +open_sigfile (const char *sigfilename, progress_filter_context_t *pfx) { - IOBUF a = NULL; - size_t len; - - if( !iobuf_is_pipe_filename (iname) ) { - len = strlen(iname); - if( len > 4 && ( !strcmp(iname + len - 4, EXTSEP_S "sig") - || ( len > 5 && !strcmp(iname + len - 5, EXTSEP_S "sign") ) - || !strcmp(iname + len - 4, EXTSEP_S "asc")) ) { - char *buf; - buf = xstrdup(iname); - buf[len-(buf[len-1]=='n'?5:4)] = 0 ; - a = iobuf_open( buf ); - if (a && is_secured_file (iobuf_get_fd (a))) - { - iobuf_close (a); - a = NULL; - errno = EPERM; - } - if( a && opt.verbose ) - log_info(_("assuming signed data in `%s'\n"), buf ); - if (a && pfx) - handle_progress (pfx, a, buf); - xfree(buf); - } + iobuf_t a = NULL; + char *buf; + + buf = get_matching_datafile (sigfilename); + if (buf) + { + a = iobuf_open (buf); + if (a && is_secured_file (iobuf_get_fd (a))) + { + iobuf_close (a); + a = NULL; + errno = EPERM; + } + if (a) + log_info (_("assuming signed data in 
`%s'\n"), buf); + if (a && pfx) + handle_progress (pfx, a, buf); + xfree (buf); } - return a; + + return a; } + /**************** * Copy the option file skeleton to the given directory. */ @@ -398,7 +427,7 @@ copy_options_file( const char *destdir ) ; else if (c == '#') esc = 2; - else + else any_option = 1; } } diff --git a/g10/plaintext.c b/g10/plaintext.c index 29324d9..4a5c3fb 100644 --- a/g10/plaintext.c +++ b/g10/plaintext.c @@ -538,13 +538,20 @@ hash_datafiles( MD_HANDLE md, MD_HANDLE md2, STRLIST files, STRLIST sl; if( !files ) { - /* check whether we can open the signed material */ - fp = open_sigfile( sigfilename, &pfx ); - if( fp ) { - do_hash( md, md2, fp, textmode ); - iobuf_close(fp); - return 0; - } + /* Check whether we can open the signed material. We avoid + trying to open a file if run in batch mode. This assumed + data file for a sig file feature is just a convenience thing + for the command line and the user needs to read possible + warning messages. */ + if (!opt.batch) { + fp = open_sigfile( sigfilename, &pfx ); + if( fp ) { + do_hash( md, md2, fp, textmode ); + iobuf_close(fp); + return 0; + } + } + log_error (_("no signed data\n")); return G10ERR_OPEN_FILE; } ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 27 +++++++++++------ g10/main.h | 1 + g10/mainproc.c | 38 +++++++++++++++++++++++ g10/openfile.c | 91 ++++++++++++++++++++++++++++++++++++------------------- g10/plaintext.c | 21 ++++++++----- 5 files changed, 130 insertions(+), 48 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 17 13:10:43 2014 
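Review bot: The suffix test in get_matching_datafile uses plain `strcmp`, while open_outfile earlier in this file compares suffixes with `CMP_FILENAME`. If that macro is the platform-aware comparison (its definition is not visible here), a signature named `FILE.SIG` on a case-insensitive file system finds no data file and the new warning in mainproc.c is skipped. Using the same comparison, e.g. `!CMP_FILENAME (sigfilename + len - 4, EXTSEP_S "sig")`, would keep the two paths consistent. The header comment of open_sigfile still names only ".sig" and ".asc" although ".sign" is stripped as well. `access (fname, R_OK)` followed by a later `iobuf_open` by name is a check-then-use pair, so the returned name is a hint, not a guarantee that the same file is opened.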
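Review bot: With the new `if (!opt.batch)` guard in the plaintext.c hunk, a batch run that omits the data file reaches the same `log_error (_("no signed data\n"))` as a run where the file is really missing. The operator cannot tell from the message that the lookup was skipped on purpose. The existing comment should state the consequence for callers, e.g. by ending it with `In batch mode the data file must therefore be given explicitly.` hash_datafiles starts outside the hunk.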
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 17 Nov 2014 13:10:43 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-19-g32e8566 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 32e85668b82f6fbcb824eea9548970804fb41d9e (commit) via 165bc397bef1aaad1ad3b2554bb63525ba097c3b (commit) from 9d897f8178610b4ce24f57d625dac71c679ce651 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 32e85668b82f6fbcb824eea9548970804fb41d9e Author: Werner Koch Date: Mon Nov 17 13:08:23 2014 +0100 gpg: Fix a NULL-deref for invalid input data. * g10/mainproc.c (proc_encrypted): Take care of canceled passpharse entry. -- GnuPG-bug-id: 1761 Signed-off-by: Werner Koch diff --git a/g10/mainproc.c b/g10/mainproc.c index b84607a..d908d57 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -551,6 +551,7 @@ proc_encrypted (CTX c, PACKET *pkt) int algo; STRING2KEY s2kbuf; STRING2KEY *s2k = NULL; + int canceled; if (opt.override_session_key) { @@ -591,12 +592,16 @@ proc_encrypted (CTX c, PACKET *pkt) log_info (_("assuming %s encrypted data\n"), "IDEA"); } - c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 3, NULL, NULL ); + c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 3, NULL, &canceled); if (c->dek) c->dek->algo_info_printed = 1; + else if (canceled) + result = gpg_error (GPG_ERR_CANCELED); + else + result = gpg_error (GPG_ERR_INV_PASSPHRASE); } } - else if( !c->dek ) + else if (!c->dek) result = G10ERR_NO_SECKEY; if (!result) 
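Review bot: `int canceled;` is declared without an initializer in the first mainproc.c hunk and read by `else if (canceled)` in the second hunk (`@@ -591,12 +592,16 @@`) right after passphrase_to_dek() returns NULL. passphrase_to_dek is not shown here, so unless it stores to the out-parameter on every return path, this reads an indeterminate value when choosing between GPG_ERR_CANCELED and GPG_ERR_INV_PASSPHRASE. Declaring it as `int canceled = 0;` removes the dependency on the callee. proc_encrypted starts and ends outside both hunks.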
@@ -615,7 +620,7 @@ proc_encrypted (CTX c, PACKET *pkt) else if (!opt.no_mdc_warn) log_info (_("WARNING: message was not integrity protected\n")); } - else if (result == G10ERR_BAD_SIGN) + else if (gpg_err_code (result) == G10ERR_BAD_SIGN) { glo_ctrl.lasterr = result; log_error (_("WARNING: encrypted message has been manipulated!\n")); commit 165bc397bef1aaad1ad3b2554bb63525ba097c3b Author: Werner Koch Date: Thu Nov 13 19:23:17 2014 +0100 speedo: Install -dev files for the libraries. -- diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi index b43e5ff..aeab7a0 100644 --- a/build-aux/speedo/w32/inst.nsi +++ b/build-aux/speedo/w32/inst.nsi @@ -596,6 +596,10 @@ LangString DESC_Menu_gnupg_manual ${LANG_GERMAN} \ Section "-libgpg-error" SEC_libgpg_error SetOutPath "$INSTDIR\bin" File bin/libgpg-error-0.dll + SetOutPath "$INSTDIR\lib" + File /oname=libgpg-error.imp lib/libgpg-error.dll.a + SetOutPath "$INSTDIR\include" + File include/gpg-error.h SectionEnd Section "-libiconv" SEC_libiconv @@ -611,21 +615,37 @@ SectionEnd Section "-npth" SEC_npth SetOutPath "$INSTDIR\bin" File bin/libnpth-0.dll + SetOutPath "$INSTDIR\lib" + File /oname=libnpth.imp lib/libnpth.dll.a + SetOutPath "$INSTDIR\include" + File include/npth.h SectionEnd Section "-gcrypt" SEC_gcrypt SetOutPath "$INSTDIR\bin" File bin/libgcrypt-20.dll + SetOutPath "$INSTDIR\lib" + File /oname=libgcrypt.imp lib/libgcrypt.dll.a + SetOutPath "$INSTDIR\include" + File include/gcrypt.h SectionEnd Section "-assuan" SEC_assuan SetOutPath "$INSTDIR\bin" File bin/libassuan-0.dll + SetOutPath "$INSTDIR\lib" + File /oname=libassuan.imp lib/libassuan.dll.a + SetOutPath "$INSTDIR\include" + File include/assuan.h SectionEnd Section "-ksba" SEC_ksba SetOutPath "$INSTDIR\bin" File bin/libksba-8.dll + SetOutPath "$INSTDIR\lib" + File /oname=libksba.imp lib/libksba.dll.a + SetOutPath "$INSTDIR\include" + File include/ksba.h SectionEnd Section "-gpgme" SEC_gpgme 
@@ -633,6 +653,11 @@ Section "-gpgme" SEC_gpgme File bin/libgpgme-11.dll File bin/libgpgme-glib-11.dll File libexec/gpgme-w32spawn.exe + SetOutPath "$INSTDIR\lib" + File /oname=libgpgme.imp lib/libgpgme.dll.a + File /oname=libgpgme-glib.imp lib/libgpgme-glib.dll.a + SetOutPath "$INSTDIR\include" + File include/gpgme.h SectionEnd Section "-gettext" SEC_gettext @@ -984,22 +1009,32 @@ Section "-un.gpgme" Delete "$INSTDIR\bin\libgpgme-11.dll" Delete "$INSTDIR\bin\libgpgme-glib-11.dll" Delete "$INSTDIR\bin\gpgme-w32spawn.exe" + Delete "$INSTDIR\lib\libgpgme.imp" + Delete "$INSTDIR\include\gpgme.h" SectionEnd Section "-un.ksba" Delete "$INSTDIR\bin\libksba-8.dll" + Delete "$INSTDIR\lib\libksba.imp" + Delete "$INSTDIR\include\ksba.h" SectionEnd Section "-un.assuan" Delete "$INSTDIR\bin\libassuan-0.dll" + Delete "$INSTDIR\lib\libassuan.imp" + Delete "$INSTDIR\include\assuan.h" SectionEnd Section "-un.gcrypt" Delete "$INSTDIR\bin\libgcrypt-20.dll" + Delete "$INSTDIR\lib\libgcrypt.imp" + Delete "$INSTDIR\include\gcrypt.h" SectionEnd Section "-un.npth" Delete "$INSTDIR\bin\libnpth-0.dll" + Delete "$INSTDIR\lib\libnpth.imp" + Delete "$INSTDIR\include\npth.h" SectionEnd Section "-un.zlib" @@ -1012,6 +1047,8 @@ SectionEnd Section "-un.libgpg-error" Delete "$INSTDIR\bin\libgpg-error-0.dll" + Delete "$INSTDIR\lib\libgpg-error.imp" + Delete "$INSTDIR\include\gpg-error.h" SectionEnd Section "-un.gnupg" @@ -1038,6 +1075,7 @@ Section "-un.gnupginst" # Try to remove the top level directories. RMDir "$INSTDIR\bin" RMDir "$INSTDIR\lib" + RMDir "$INSTDIR\include" RMDir "$INSTDIR\share" RMDir "$INSTDIR\etc" RMDir "$INSTDIR" ----------------------------------------------------------------------- Summary of changes: build-aux/speedo/w32/inst.nsi | 38 ++++++++++++++++++++++++++++++++++++++ g10/mainproc.c | 11 ++++++++--- 2 files changed, 46 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 18 02:10:28 2014 
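Review bot: The `-gpgme` install section adds `libgpgme-glib.imp` under `$INSTDIR\lib`, but the matching `-un.gpgme` section in the `@@ -984,22 +1009,32 @@` hunk deletes only `libgpgme.imp` and `gpgme.h`. The file is left behind after uninstall. Because RMDir without `/r` removes only empty directories, it also stops `RMDir "$INSTDIR\lib"` in `-un.gnupginst` from removing the directory. Adding `Delete "$INSTDIR\lib\libgpgme-glib.imp"` to `-un.gpgme` closes the gap.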
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 18 Nov 2014 02:10:28 +0100 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.17-7-g40c6c7e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 40c6c7e857bb7fce2abbd0c5d3e6dd66446cb435 (commit) from fad70c63f9b376865d72d685c71cef4dfdd9e3c2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 40c6c7e857bb7fce2abbd0c5d3e6dd66446cb435 Author: NIIBE Yutaka Date: Tue Nov 18 10:10:23 2014 +0900 po: Update Japanese translation -- diff --git a/po/ja.po b/po/ja.po index 02279e5..a72b462 100644 --- a/po/ja.po +++ b/po/ja.po @@ -6,9 +6,9 @@ # NIIBE Yutaka , 2014. msgid "" msgstr "" -"Project-Id-Version: libgpg-error 1.7\n" +"Project-Id-Version: libgpg-error 1.17\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2014-07-04 16:22+0900\n" +"PO-Revision-Date: 2014-11-18 10:03+0900\n" "Last-Translator: NIIBE Yutaka \n" "Language-Team: none\n" "Language: ja\n" @@ -66,7 +66,7 @@ msgid "Assuan" msgstr "Assuan" msgid "TLS" -msgstr "" +msgstr "TLS" msgid "Any source" msgstr "????????" @@ -660,7 +660,7 @@ msgid "Ambiguous result" msgstr "???????" msgid "No crypto context" -msgstr "????????????" +msgstr "??????????????" msgid "Wrong crypto context" msgstr "?????????????" 
@@ -728,113 +728,89 @@ msgstr "S??????16???????????" msgid "Bad octal character in S-expression" msgstr "S??????8???????????" -#, fuzzy -#| msgid "Bad certificate chain" msgid "No certificate chain" -msgstr "??????????" +msgstr "???????????" -#, fuzzy -#| msgid "Certificate too young" msgid "Certificate is too large" -msgstr "?????????" +msgstr "??????????" -#, fuzzy -#| msgid "Invalid card" msgid "Invalid record" -msgstr "????????" +msgstr "?????????" msgid "The MAC does not verify" -msgstr "" +msgstr "MAC????????" -#, fuzzy -#| msgid "Unexpected tag" msgid "Unexpected message" -msgstr "?????????" +msgstr "????????????" msgid "Compression or decompression failed" -msgstr "" +msgstr "??/?????????" msgid "A counter would wrap" -msgstr "" +msgstr "?????????????????" msgid "Fatal alert message received" -msgstr "" +msgstr "??????????????????" -#, fuzzy -#| msgid "Invalid cipher algorithm" msgid "No cipher algorithm" -msgstr "?????????????" +msgstr "??????????????" -#, fuzzy -#| msgid "Missing issuer certificate" msgid "Missing client certificate" -msgstr "????????????" +msgstr "???????????????" -#, fuzzy -#| msgid "Certificate revoked" msgid "Close notification received" -msgstr "???????????" +msgstr "???????????????" -#, fuzzy -#| msgid "Key expired" msgid "Ticket expired" -msgstr "????????" +msgstr "???????????" -#, fuzzy -#| msgid "Bad public key" msgid "Bad ticket" -msgstr "????????" +msgstr "?????????" -#, fuzzy -#| msgid "Unknown packet" msgid "Unknown identity" -msgstr "?????????" +msgstr "????????????" -#, fuzzy -#| msgid "Bad certificate chain" msgid "Bad certificate message in handshake" -msgstr "??????????" +msgstr "?????????????????????" msgid "Bad certificate request message in handshake" -msgstr "" +msgstr "???????????????????????" msgid "Bad certificate verify message in handshake" -msgstr "" +msgstr "???????????????????????" msgid "Bad change cipher messsage in handshake" -msgstr "" +msgstr "??????????????????????" 
msgid "Bad client hello message in handshake" -msgstr "" +msgstr "???????????????????????????" msgid "Bad server hello message in handshake" -msgstr "" +msgstr "????????????????????????" msgid "Bad server hello done message in hanshake" -msgstr "" +msgstr "??????????????????????????" msgid "Bad finished message in handshake" -msgstr "" +msgstr "????????????????????" msgid "Bad server key exchange message in handshake" -msgstr "" +msgstr "????????????????????????" msgid "Bad client key exchange message in handshake" -msgstr "" +msgstr "???????????????????????????" msgid "Bogus string" -msgstr "" +msgstr "?????????" -#, fuzzy -#| msgid "Key expired" msgid "Key disabled" -msgstr "????????" +msgstr "??????????" msgid "Not possible with a card based key" msgstr "????????????" msgid "Invalid lock object" -msgstr "?????????????" +msgstr "???????????????" msgid "General IPC error" msgstr "????IPC?????" ----------------------------------------------------------------------- Summary of changes: po/ja.po | 86 ++++++++++++++++++++++---------------------------------------- 1 file changed, 31 insertions(+), 55 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 18 03:20:27 2014 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 18 Nov 2014 03:20:27 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.26-17-ga1c861e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via a1c861ed380548ccd2819d3f6506ebbad9246561 (commit) from a5ca45e6168e75aa6f3743b764d601ab3df966b7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a1c861ed380548ccd2819d3f6506ebbad9246561 Author: NIIBE Yutaka Date: Tue Nov 18 11:19:51 2014 +0900 po: Update Japanese translation. -- diff --git a/po/ja.po b/po/ja.po index 16bb5da..03a1676 100644 --- a/po/ja.po +++ b/po/ja.po @@ -7,9 +7,9 @@ # msgid "" msgstr "" -"Project-Id-Version: GNU gnupg 2.0.25\n" +"Project-Id-Version: GNU gnupg 2.0.26\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2014-08-08 10:06+0900\n" +"PO-Revision-Date: 2014-11-18 11:04+0900\n" "Last-Translator: NIIBE Yutaka \n" "Language-Team: Japanese \n" "Language: ja\n" @@ -414,7 +414,7 @@ msgstr "?????????????\n" #, c-format msgid "error binding socket to `%s': %s\n" -msgstr "?%s???????????????: %s\n" +msgstr "??????%s???????????: %s\n" #, c-format msgid "listen() failed: %s\n" @@ -563,7 +563,7 @@ msgstr "?%s?????????????? (? %d)\n" #, c-format msgid "invalid keyflag in `%s', line %d\n" -msgstr "?%s????????(? %d)\n" +msgstr "?%s?????????(? %d)\n" #, c-format msgid "error reading `%s', line %d: %s\n" 
@@ -749,7 +749,7 @@ msgid "out of core while allocating %lu bytes" msgstr "%lu???????????????????" msgid "no running gpg-agent - starting one\n" -msgstr "gpg-agent?????????? - ????????\n" +msgstr "gpg-agent???????? - ?????\n" #, c-format msgid "waiting %d seconds for the agent to come up\n" @@ -1384,7 +1384,7 @@ msgstr "" #, c-format msgid "unable to execute program `%s': %s\n" -msgstr "?%s?????????: %s\n" +msgstr "??????%s?????????: %s\n" #, c-format msgid "unable to execute shell `%s': %s\n" @@ -1502,7 +1502,7 @@ msgid "make a clear text signature" msgstr "?????????????" msgid "make a detached signature" -msgstr "???????" +msgstr "???????" msgid "encrypt data" msgstr "???????" @@ -1640,7 +1640,7 @@ msgstr "" "\n" " -se -r Bob [????] ???Bob???????\n" " --clearsign [????] ?????????????\n" -" --detach-sign [????] ???????\n" +" --detach-sign [????] ???????\n" " --list-keys [??] ????\n" " --fingerprint [??] ?????????????\n" @@ -1791,7 +1791,7 @@ msgstr "*??*: ??%s??????!\n" #, c-format msgid "`%s' is not a valid signature expiration\n" -msgstr "?%s?????????????????\n" +msgstr "?%s?????????????????\n" #, c-format msgid "`%s' is not a valid character set\n" @@ -1899,7 +1899,7 @@ msgid "will not run with insecure memory due to %s\n" msgstr "%s ?????????????????????\n" msgid "you can only make detached or clear signatures while in --pgp2 mode\n" -msgstr "--pgp2?????????????????????????????\n" +msgstr "--pgp2?????????????????????????????\n" msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n" msgstr "--pgp2????????????????????\n" @@ -2117,6 +2117,9 @@ msgstr "???????????????????????? msgid "repair damage from the pks keyserver during import" msgstr "???????pks??????????????????" +msgid "do not clear the ownertrust values during import" +msgstr "??????????????????????" + msgid "do not update the trustdb after import" msgstr "??????????????????????" 
@@ -2482,7 +2485,7 @@ msgstr "?????%s???????: %s\n" #, c-format msgid "keyring `%s' created\n" -msgstr "?????%s???????\n" +msgstr "?????%s????????\n" #, c-format msgid "keyblock resource `%s': %s\n" @@ -4064,11 +4067,16 @@ msgid "unknown" msgstr "???" #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" +"*??*: ?????????????????%s???????*???????*!\n" + +#, c-format msgid "Can't check signature: %s\n" msgstr "??????????: %s\n" msgid "not a detached signature\n" -msgstr "??????????\n" +msgstr "???????????\n" msgid "" "WARNING: multiple signatures detected. Only the first will be checked.\n" @@ -4111,6 +4119,10 @@ msgstr "*??*: ???????????????? %s???\n msgid "WARNING: digest algorithm %s is deprecated\n" msgstr "*??*: ????????????? %s ?????????\n" +#, c-format +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "??: %s ????????????????????\n" + msgid "the IDEA cipher plugin is not present\n" msgstr "IDEA????????????????\n" @@ -4144,6 +4156,17 @@ msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n" msgstr "" "*??*: \"%s\"????????????????? - ???????????\n" +#, c-format +msgid "%s:%u: \"%s%s\" is obsolete in this file - it only has effect in %s\n" +msgstr "" +"%s:%u: \"%s%s\"????????????????? - %s????????????\n" + +#, c-format +msgid "" +"WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n" +msgstr "" +"*??*: \"%s%s\"????????????????? - %s??????????????\n" + msgid "Uncompressed" msgstr "???" @@ -4165,7 +4188,7 @@ msgstr "?????????%s?\n" #, c-format msgid "File `%s' exists. " -msgstr "?????%s??????????" +msgstr "?????%s????????" msgid "Overwrite? (y/N) " msgstr "???????? (y/N) " 
@@ -4181,12 +4204,12 @@ msgid "writing to stdout\n" msgstr "???????????\n" #, c-format -msgid "assuming signed data in `%s'\n" +msgid "assuming signed data in '%s'\n" msgstr "??????????%s??????????\n" #, c-format msgid "new configuration file `%s' created\n" -msgstr "???????????????????%s???????\n" +msgstr "???????????????????%s????????\n" #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" @@ -4507,7 +4530,7 @@ msgstr "" "??????????????????\"--output\"?????????????\n" msgid "Detached signature.\n" -msgstr "?????\n" +msgstr "?????\n" msgid "Please enter name of data file: " msgstr "??????????????: " @@ -4650,7 +4673,7 @@ msgstr "???????????\n" #, c-format msgid "protection algorithm %d%s is not supported\n" -msgstr "????????%d%s???????????\n" +msgstr "????????%d%s????????????\n" #, c-format msgid "protection digest %d is not supported\n" @@ -4685,7 +4708,7 @@ msgstr "DSA? %s??????(%u???)?????????\n" #, c-format msgid "DSA key %s requires a %u bit or larger hash\n" -msgstr "DSA? %s ?%u ???????????????????????\n" +msgstr "DSA? %s ?%u ?????????????????\n" msgid "WARNING: signature digest conflict in message\n" msgstr "*??*: ??????????????????????\n" @@ -4725,10 +4748,6 @@ msgid "NOTE: signature key %s has been revoked\n" msgstr "*??*: ? %s ???????\n" #, c-format -msgid "Note: signatures using the %s algorithm are rejected\n" -msgstr "??: %s ????????????????????\n" - -#, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "??????????????????%s????????????\n" @@ -4764,7 +4783,7 @@ msgid "%s/%s signature from: \"%s\"\n" msgstr "%s/%s??????:\"%s\"\n" msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n" -msgstr "--pgp2??????PGP 2.x????????????????\n" +msgstr "--pgp2??????PGP 2.x????????????????\n" #, c-format msgid "" 
@@ -5173,11 +5192,11 @@ msgstr "iconv_open???????: %s\n" #, c-format msgid "conversion from `%s' to `%s' failed: %s\n" -msgstr "?%s????%s????????: %s\n" +msgstr "?%s????%s????????????: %s\n" #, c-format msgid "failed to create temporary file `%s': %s\n" -msgstr "???????%s?????????: %s\n" +msgstr "???????%s???????????: %s\n" #, c-format msgid "error writing to `%s': %s\n" @@ -5199,7 +5218,7 @@ msgstr "(???????) " #, c-format msgid "lock `%s' not made: %s\n" -msgstr "lock ?%s? ????????: %s\n" +msgstr "lock ?%s? ???????????: %s\n" #, c-format msgid "waiting for lock %s...\n" @@ -5499,7 +5518,7 @@ msgstr "????%s??????????????????? #, c-format msgid "no running dirmngr - starting `%s'\n" -msgstr "dirmngr???????? - ??????%s?\n" +msgstr "Dirmngr???????? - ??????%s?\n" msgid "malformed DIRMNGR_INFO environment variable\n" msgstr "DIRMNGR_INFO?????????????\n" @@ -6570,9 +6589,3 @@ msgid "" msgstr "" "??: gpg-check-pattern [?????] ????????\n" "????????????????????????????\n" - -#~ msgid "you may want to start the gpg-agent first\n" -#~ msgstr "?? gpg-agent ??????????\n" - -#~ msgid "error loading `%s': %s\n" -#~ msgstr "?%s????????: %s\n" ----------------------------------------------------------------------- Summary of changes: po/ja.po | 79 ++++++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 46 insertions(+), 33 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 18 04:01:25 2014 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 18 Nov 2014 04:01:25 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-20-ga20b4c9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via a20b4c9543c920d3029f898f92c13d4f4b59a096 (commit) from 32e85668b82f6fbcb824eea9548970804fb41d9e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a20b4c9543c920d3029f898f92c13d4f4b59a096 Author: NIIBE Yutaka Date: Tue Nov 18 12:01:22 2014 +0900 po: Update Japanese Translation. -- diff --git a/po/ja.po b/po/ja.po index 5382826..39f16dc 100644 --- a/po/ja.po +++ b/po/ja.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 2.1\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2014-08-12 16:21+0200\n" +"PO-Revision-Date: 2014-11-18 11:59+0900\n" "Last-Translator: NIIBE Yutaka \n" "Language-Team: none\n" "Language: ja\n" @@ -75,7 +75,7 @@ msgid "SETERROR %s (try %d of %d)" msgstr "SETERROR %s (?? %d / ?? %d)" msgid "Repeat:" -msgstr "" +msgstr "????:" msgid "PIN too long" msgstr "PIN??????" 
@@ -241,46 +241,25 @@ msgstr "" msgid "Yes, protection is not needed" msgstr "?????????????" -#, fuzzy, c-format -#| msgid "Name must be at least 5 characters long\n" +#, c-format msgid "A passphrase should be at least %u character long." msgid_plural "A passphrase should be at least %u characters long." -msgstr[0] "???5??????????????\n" - -#, fuzzy, c-format -#| msgid "" -#| "Warning: You have entered an insecure passphrase.%%0AA passphrase should " -#| "contain at least %u digit or%%0Aspecial character." -#| msgid_plural "" -#| "Warning: You have entered an insecure passphrase.%%0AA passphrase should " -#| "contain at least %u digits or%%0Aspecial characters." +msgstr[0] "???????????%u??????????????\n" + +#, c-format msgid "A passphrase should contain at least %u digit or%%0Aspecial character." msgid_plural "" "A passphrase should contain at least %u digits or%%0Aspecial characters." msgstr[0] "" -"??: ???????????????????????%%0A?????????%u" -"?????????%%0A????????????" +"???????????%u??????????????????" -#, fuzzy, c-format -#| msgid "" -#| "Warning: You have entered an insecure passphrase.%%0AA passphrase may not " -#| "be a known term or match%%0Acertain pattern." +#, c-format msgid "A passphrase may not be a known term or match%%0Acertain pattern." msgstr "" -"??: ???????????????????????%%0A??????????" -"??????????%%0A???????????????????????" - -#, fuzzy -#| msgid "" -#| "Warning: You have entered an insecure passphrase.%%0AA passphrase should " -#| "be at least %u character long." -#| msgid_plural "" -#| "Warning: You have entered an insecure passphrase.%%0AA passphrase should " -#| "be at least %u characters long." +"????????????????????????????????????%%0A???????" + msgid "Warning: You have entered an insecure passphrase." -msgstr "" -"??: ???????????????????????%%0A?????????%u" -"??????????" +msgstr "*??*: ???????????????????????" #, c-format msgid "Please enter the passphrase to%0Aprotect your new key" 
@@ -955,10 +934,8 @@ msgstr "???????????" msgid "missing argument" msgstr "???????" -#, fuzzy -#| msgid "invalid value\n" msgid "invalid argument" -msgstr "????\n" +msgstr "?????" msgid "invalid command" msgstr "???????" @@ -976,10 +953,9 @@ msgstr "????????" msgid "missing argument for option \"%.50s\"\n" msgstr "?????\"%.50s\"?????????\n" -#, fuzzy, c-format -#| msgid "missing argument for option \"%.50s\"\n" +#, c-format msgid "invalid argument for option \"%.50s\"\n" -msgstr "?????\"%.50s\"?????????\n" +msgstr "?????\"%.50s\"?????????\n" #, c-format msgid "option \"%.50s\" does not expect an argument\n" @@ -1623,7 +1599,7 @@ msgid "make a clear text signature" msgstr "?????????????" msgid "make a detached signature" -msgstr "???????" +msgstr "???????" msgid "encrypt data" msgstr "???????" @@ -1653,15 +1629,13 @@ msgid "list secret keys" msgstr "??????" msgid "generate a new key pair" -msgstr "????????" +msgstr "?????????" -#, fuzzy -#| msgid "generate a new key pair" msgid "quickly generate a new key pair" -msgstr "????????" +msgstr "?????????????" msgid "full featured key pair generation" -msgstr "" +msgstr "??????????" msgid "generate a revocation certificate" msgstr "????????" @@ -1775,7 +1749,7 @@ msgstr "" "\n" " -se -r Bob [????] ???Bob???????\n" " --clearsign [????] ?????????????\n" -" --detach-sign [????] ???????\n" +" --detach-sign [????] ???????\n" " --list-keys [??] ????\n" " --fingerprint [??] ????????????\n" @@ -1881,10 +1855,8 @@ msgstr "???????????????'%s'\n" msgid "display photo IDs during key listings" msgstr "????????ID?????" -#, fuzzy -#| msgid "show user ID validity during key listings" msgid "show key usage information during key listings" -msgstr "????????ID?????????" +msgstr "??????????????????" msgid "show policy URLs during signature listings" msgstr "?????????URL?????" 
@@ -2251,10 +2223,8 @@ msgstr "???????????????????????? msgid "repair damage from the pks keyserver during import" msgstr "???????pks??????????????????" -#, fuzzy -#| msgid "do not update the trustdb after import" msgid "do not clear the ownertrust values during import" -msgstr "??????????????????????" +msgstr "??????????????????????" msgid "do not update the trustdb after import" msgstr "??????????????????????" @@ -2370,13 +2340,12 @@ msgstr "???????????????: gpg --edit-key %s updpref msgid "key %s: no user ID\n" msgstr "?%s: ???ID??????\n" -#, fuzzy, c-format -#| msgid "skipped \"%s\": %s\n" +#, c-format msgid "key %s: %s\n" -msgstr "\"%s\"?????????: %s\n" +msgstr "? %s: %s\n" msgid "rejected by import screener" -msgstr "" +msgstr "????????????????" #, c-format msgid "key %s: PKS subkey corruption repaired\n" @@ -2485,10 +2454,9 @@ msgstr "? %s: ??????????\n" msgid "key %s: error sending to agent: %s\n" msgstr "? %s: ?????????????: %s\n" -#, fuzzy, c-format -#| msgid "secret key \"%s\" not found: %s\n" +#, c-format msgid "secret key %s: %s\n" -msgstr "???\"%s\"????????: %s\n" +msgstr "??? %s: %s\n" msgid "importing secret keys not allowed\n" msgstr "??????????????\n" @@ -3178,12 +3146,10 @@ msgstr "" " ???ID??????????????????\n" msgid "WARNING: Your encryption subkey expires soon.\n" -msgstr "" +msgstr "*??*: ????????????????????????\\n" -#, fuzzy -#| msgid "You can't change the expiration date of a v3 key\n" msgid "You may want to change its expiration date too.\n" -msgstr "v3??????????????\n" +msgstr "????????????????\n" msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " @@ -3518,10 +3484,9 @@ msgstr " (%d) DSA (???????????)\n" msgid " (%d) RSA (set your own capabilities)\n" msgstr " (%d) RSA (???????????)\n" -#, fuzzy, c-format -#| msgid " (%d) ECC\n" +#, c-format msgid " (%d) ECC and ECC\n" -msgstr " (%d) ECC\n" +msgstr " (%d) ECC ? ECC\n" #, c-format msgid " (%d) ECC (sign only)\n" 
@@ -3727,15 +3692,11 @@ msgstr "??(N)?????(C)??????(E)???????? msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? " msgstr "??(N)?????(C)??????(E)???????OK(O)???(Q)? " -#, fuzzy -#| msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? " msgid "Change (N)ame, (E)mail, or (Q)uit? " -msgstr "??(N)?????(C)??????(E)?????????(Q)? " +msgstr "??(N)??????(E)?????????(Q)? " -#, fuzzy -#| msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? " msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? " -msgstr "??(N)?????(C)??????(E)???????OK(O)???(Q)? " +msgstr "??(N)??????(E)???????OK(O)???(Q)? " msgid "Please correct the error first\n" msgstr "??????????????\n" @@ -3794,28 +3755,26 @@ msgid "" " \"%s\"\n" "\n" msgstr "" +"???????:\n" +" \"%s\"\n" +"\n" msgid "Continue? (Y/n) " -msgstr "" +msgstr "?????? (Y/n) " -#, fuzzy, c-format -#| msgid "key already exists\n" +#, c-format msgid "A key for \"%s\" already exists\n" -msgstr "????????\n" +msgstr "\"%s\" ?????????\n" -#, fuzzy -#| msgid "Use this key anyway? (y/N) " msgid "Create anyway? (y/N) " -msgstr "?????????????? (y/N) " +msgstr "????????????? (y/N) " -#, fuzzy -#| msgid "generating new key\n" msgid "creating anyway\n" -msgstr "???????\n" +msgstr "??????????\n" #, c-format msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n" -msgstr "" +msgstr "??: ????????? \"%s %s\" ??????\n" msgid "Key generation canceled.\n" msgstr "??????????????\n" @@ -3896,7 +3855,7 @@ msgstr "????: " #, c-format msgid "Warning: %lu key(s) skipped due to their large size\n" -msgstr "" +msgstr "*??*: %lu ???????????????????\n" msgid "Keyring" msgstr "????" 
@@ -4180,14 +4139,14 @@ msgstr "???????? " #, c-format msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" -msgstr "" +msgstr "*??*: ?????????????????%s??????*??????*!\n" #, c-format msgid "Can't check signature: %s\n" msgstr "??????????: %s\n" msgid "not a detached signature\n" -msgstr "??????????\n" +msgstr "??????????\n" msgid "" "WARNING: multiple signatures detected. Only the first will be checked.\n" @@ -4252,24 +4211,21 @@ msgid "%s:%u: obsolete option \"%s\" - it has no effect\n" msgstr "" "%s:%u: \"%s\"????????????????? - ???????????\n" -#, fuzzy, c-format -#| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n" +#, c-format msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n" msgstr "" -"*??*: \"%s\"????????????????? - ???????????\n" +"*??*: \"%s%s\"????????????????? - ???????????\n" -#, fuzzy, c-format -#| msgid "%s:%u: obsolete option \"%s\" - it has no effect\n" +#, c-format msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n" msgstr "" -"%s:%u: \"%s\"????????????????? - ???????????\n" +"%s:%u: \"%s\"??????????????????? - %s????????????\n" -#, fuzzy, c-format -#| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n" +#, c-format msgid "" "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n" msgstr "" -"*??*: \"%s\"????????????????? - ???????????\n" +"*??*: \"%s%s\"????????????????? - %s??????????????\n" msgid "Uncompressed" msgstr "???" @@ -4674,7 +4630,7 @@ msgid "error creating '%s': %s\n" msgstr "'%s'??????: %s\n" msgid "Detached signature.\n" -msgstr "?????\n" +msgstr "?????\n" msgid "Please enter name of data file: " msgstr "??????????????: " @@ -5516,8 +5472,6 @@ msgstr "???????????????????????? msgid "failed to open '%s': %s\n" msgstr "'%s'??????: %s\n" -#, fuzzy -#| msgid "note: non-critical certificate policy not allowed" msgid "Note: non-critical certificate policy not allowed" msgstr "??: ???????????????????????" 
@@ -6911,16 +6865,12 @@ msgstr "" msgid "Usage: @DIRMNGR@ [options] (-h for help)" msgstr "???: @DIRMNGR@ [?????] (???? -h)" -#, fuzzy -#| msgid "" -#| "Syntax: @DIRMNGR@ [options] [command [args]]\n" -#| "LDAP and OCSP access for @GNUPG@\n" msgid "" "Syntax: @DIRMNGR@ [options] [command [args]]\n" "Keyserver, CRL, and OCSP access for @GNUPG@\n" msgstr "" "??: @DIRMNGR@ [?????] [???? [??]]\n" -"@GnuPG@?LDAP?OCSP????\n" +"@GnuPG@??????CRL?OCSP????\n" #, c-format msgid "valid debug levels are: %s\n" 
@@ -7787,143 +7737,3 @@ msgid "" msgstr "" "??: gpg-check-pattern [?????] ????????\n" "????????????????????????????\n" - -#~ msgid "invalid root packet detected in proc_tree()\n" -#~ msgstr "proc_tree() ?????????????????????\n" - -#~ msgid "no secret subkey for public subkey %s - ignoring\n" -#~ msgstr "????%s??????????????? - ??\n" - -#, fuzzy -#~| msgid "Note: no default option file '%s'\n" -#~ msgid "NOTE: no default option file '%s'\n" -#~ msgstr "*??*: ???????????????? '%s' ??????\n" - -#, fuzzy -#~| msgid "Note: %s is not for normal use!\n" -#~ msgid "NOTE: %s is not for normal use!\n" -#~ msgstr "*??*: ??%s??????!\n" - -#, fuzzy -#~| msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n" -#~ msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n" -#~ msgstr "*??*: v3????????????OpenPGP???????\n" - -#~ msgid "note: non-critical certificate policy not allowed" -#~ msgstr "??: ???????????????????????" - -#~ msgid "use a standard location for the socket" -#~ msgstr "?????????????" - -#~ msgid "|FILE|write environment settings also to FILE" -#~ msgstr "|FILE|FILE?????????????" - -#~ msgid "gpg-agent protocol version %d is not supported\n" -#~ msgstr "gpg-agent???????????%d????????????\n" - -#~ msgid "can't connect to the agent - trying fall back\n" -#~ msgstr "agent???????? 
- ????????????\n" - -#, fuzzy -#~| msgid "can't create directory '%s': %s\n" -#~ msgid "can't create directory `%s': %s\n" -#~ msgstr "??????'%s'????????: %s\n" - -#, fuzzy -#~| msgid "directory '%s' created\n" -#~ msgid "directory `%s' created\n" -#~ msgstr "??????'%s'????????\n" - -#, fuzzy -#~| msgid "error creating keybox '%s': %s\n" -#~ msgid "error creating keybox `%s': %s\n" -#~ msgstr "keybox'%s'??????: %s\n" - -#, fuzzy -#~| msgid "keybox '%s' created\n" -#~ msgid "keybox `%s' created\n" -#~ msgstr "keybox'%s'????????\n" - -#, fuzzy -#~| msgid "can't create lock for '%s'\n" -#~ msgid "can't create lock for `%s'\n" -#~ msgstr "'%s'????????????\n" - -#~ msgid "" -#~ "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n" -#~ msgstr "--pgp2?????2048??????RSA????????????\n" - -#~ msgid "" -#~ "unable to use the IDEA cipher for all of the keys you are encrypting to.\n" -#~ msgstr "???????????????IDEA?????????\n" - -#~ msgid "" -#~ "you can only make detached or clear signatures while in --pgp2 mode\n" -#~ msgstr "--pgp2?????????????????????????????\n" - -#~ msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n" -#~ msgstr "--pgp2????????????????????\n" - -#~ msgid "" -#~ "you must use files (and not a pipe) when working with --pgp2 enabled.\n" -#~ msgstr "" -#~ "--pgp2???????(??????) 
????????????????\n" - -#~ msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n" -#~ msgstr "--pgp2???????????????IDEA?????????\n" - -#~ msgid "" -#~ "You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 " -#~ "mode.\n" -#~ msgstr "--pgp2?????PGP 2.x??OpenPGP?????????\n" - -#~ msgid "This would make the key unusable in PGP 2.x.\n" -#~ msgstr "????PGP 2.x????????????\n" - -#~ msgid "" -#~ "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n" -#~ msgstr "--pgp2??????PGP 2.x????????????????\n" - -#~ msgid "" -#~ "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n" -#~ msgstr "" -#~ "--pgp2?????PGP 2.x??????????????????????\n" - -#~ msgid "you may want to start the gpg-agent first\n" -#~ msgstr "?? gpg-agent ??????????\n" - -#~ msgid "[ revoked]" -#~ msgstr "[ ?? ]" - -#~ msgid "[ expired]" -#~ msgstr "[????]" - -#~ msgid "[ unknown]" -#~ msgstr "[ ?? ]" - -#~ msgid "[ undef ]" -#~ msgstr "[ ??? ]" - -#~ msgid "[marginal]" -#~ msgstr "[????]" - -#~ msgid "[ full ]" -#~ msgstr "[ ?? ]" - -#~ msgid "[ultimate]" -#~ msgstr "[ ?? ]" - -#~ msgid "undefined" -#~ msgstr "???" - -#~ msgid "never" -#~ msgstr "???" - -#~ msgid "marginal" -#~ msgstr "????" - -#~ msgid "full" -#~ msgstr "??" - -#~ msgid "ultimate" -#~ msgstr "??" ----------------------------------------------------------------------- Summary of changes: po/ja.po | 294 +++++++++++--------------------------------------------------- 1 file changed, 52 insertions(+), 242 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 18 05:03:50 2014 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 18 Nov 2014 05:03:50 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-21-gdd9d90c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via dd9d90c197e66c8274555cadb15fca96bffb0de9 (commit) from a20b4c9543c920d3029f898f92c13d4f4b59a096 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit dd9d90c197e66c8274555cadb15fca96bffb0de9 Author: NIIBE Yutaka Date: Tue Nov 18 13:03:23 2014 +0900 po: Update Japanese Translation. -- Fixing previous commit. diff --git a/po/ja.po b/po/ja.po index 39f16dc..9887d5f 100644 --- a/po/ja.po +++ b/po/ja.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 2.1\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2014-11-18 11:59+0900\n" +"PO-Revision-Date: 2014-11-18 13:01+0900\n" "Last-Translator: NIIBE Yutaka \n" "Language-Team: none\n" "Language: ja\n" 
@@ -244,19 +244,19 @@ msgstr "?????????????" #, c-format msgid "A passphrase should be at least %u character long." msgid_plural "A passphrase should be at least %u characters long." -msgstr[0] "???????????%u??????????????\n" +msgstr[0] "???????????%u???????????????" #, c-format msgid "A passphrase should contain at least %u digit or%%0Aspecial character." msgid_plural "" "A passphrase should contain at least %u digits or%%0Aspecial characters." -msgstr[0] "" -"???????????%u??????????????????" +msgstr[0] "???????????%u??????????????????" #, c-format msgid "A passphrase may not be a known term or match%%0Acertain pattern." msgstr "" -"????????????????????????????????????%%0A???????" +"????????????????????????????????????%%0A" +"???????" msgid "Warning: You have entered an insecure passphrase." msgstr "*??*: ???????????????????????" @@ -3146,7 +3146,7 @@ msgstr "" " ???ID??????????????????\n" msgid "WARNING: Your encryption subkey expires soon.\n" -msgstr "*??*: ????????????????????????\\n" +msgstr "*??*: ????????????????????????\n" msgid "You may want to change its expiration date too.\n" msgstr "????????????????\n" @@ -4139,7 +4139,8 @@ msgstr "???????? " #, c-format msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" -msgstr "*??*: ?????????????????%s??????*??????*!\n" +msgstr "" +"*??*: ?????????????????%s??????*??????*!\n" #, c-format msgid "Can't check signature: %s\n" 
@@ -4219,13 +4220,15 @@ msgstr "" #, c-format msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n" msgstr "" -"%s:%u: \"%s\"??????????????????? - %s????????????\n" +"%s:%u: \"%s\"??????????????????? - %s??????????" +"??\n" #, c-format msgid "" "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n" msgstr "" -"*??*: \"%s%s\"????????????????? - %s??????????????\n" +"*??*: \"%s%s\"????????????????? - %s???????????" +"???\n" msgid "Uncompressed" msgstr "???" ----------------------------------------------------------------------- Summary of changes: po/ja.po | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 18 20:41:56 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 18 Nov 2014 20:41:56 +0100 Subject: [git] GPA - branch, master, updated. gpa-0.9.4-47-gac007f3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Assistant". The branch, master has been updated via ac007f3204c06b3cb4b272fd1de17baa4d589ae8 (commit) via 7bf586c3d5fec9c7db12e208361843fcd2b66163 (commit) via 68b7faa05eb825ead05c27bb42860da8390f3a25 (commit) from 8bbf24ba918bae0d593ce5431c234789cfad8a7b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ac007f3204c06b3cb4b272fd1de17baa4d589ae8 Author: Werner Koch Date: Tue Nov 18 20:42:15 2014 +0100 Make receiving keys from a keyserver work with GnuPG 2.1 * src/gpaimportop.h (_GpaImportOperation): Add field source2. (_GpaImportOperationClass): Change prototype of get_source and all callers. * src/gpaimportop.c (gpa_import_operation_finalize): Release source2 var. (gpa_import_operation_idle_cb): Use import_keys if source2 is set. (key_import_results_dialog_run): Use modern info functions. * src/gpaimportserverop.c (MAX_KEYSEARCH_RESULTS): New. (search_keys): New. (gpa_import_server_operation_get_source): Make use of source2. * src/gparecvkeydlg.c (gpa_receive_key_dialog_init): Change prompt for gnupg 2.1.0. -- Passing the instance variable to several fucntions of the class was a bit weird. Thus changed to use it direct. diff --git a/src/gpaexportclipop.c b/src/gpaexportclipop.c index 62edb12..1e4c306 100644 --- a/src/gpaexportclipop.c +++ b/src/gpaexportclipop.c 
@@ -136,8 +136,8 @@ gpa_export_clipboard_operation_complete_export (GpaExportOperation *operation) GpaExportClipboardOperation *op = GPA_EXPORT_CLIPBOARD_OPERATION (operation); if (!dump_data_to_clipboard (operation->dest, gtk_clipboard_get (GDK_SELECTION_CLIPBOARD))) - gpa_window_message (_("The keys have been copied to the clipboard."), - GPA_OPERATION (op)->window); + gpa_show_info(GPA_OPERATION (op)->window, + _("The keys have been copied to the clipboard.")); } /* API */ diff --git a/src/gpaimportclipop.c b/src/gpaimportclipop.c index 2e1eb59..7162982 100644 --- a/src/gpaimportclipop.c +++ b/src/gpaimportclipop.c @@ -30,9 +30,8 @@ static GObjectClass *parent_class = NULL; static gboolean -gpa_import_clipboard_operation_get_source (GpaImportOperation *operation, - gpgme_data_t *source); -static void +gpa_import_clipboard_operation_get_source (GpaImportOperation *operation); +static void gpa_import_clipboard_operation_complete_import (GpaImportOperation *operation); /* GObject boilerplate */ @@ -50,14 +49,14 @@ gpa_import_clipboard_operation_class_init (GpaImportClipboardOperationClass *kla parent_class = g_type_class_peek_parent (klass); import_class->get_source = gpa_import_clipboard_operation_get_source; - import_class->complete_import = gpa_import_clipboard_operation_complete_import; + import_class->complete_import = gpa_import_clipboard_operation_complete_import; } GType gpa_import_clipboard_operation_get_type (void) { static GType clipboard_operation_type = 0; - + if (!clipboard_operation_type) { static const GTypeInfo clipboard_operation_info = 
@@ -72,36 +71,38 @@ gpa_import_clipboard_operation_get_type (void) 0, /* n_preallocs */ (GInstanceInitFunc) gpa_import_clipboard_operation_init, }; - + clipboard_operation_type = g_type_register_static (GPA_IMPORT_OPERATION_TYPE, "GpaImportClipboardOperation", &clipboard_operation_info, 0); } - + return clipboard_operation_type; } /* Virtual methods */ static gboolean -gpa_import_clipboard_operation_get_source (GpaImportOperation *operation, - gpgme_data_t *source) +gpa_import_clipboard_operation_get_source (GpaImportOperation *operation) { gpg_error_t err; - gchar *text = gtk_clipboard_wait_for_text (gtk_clipboard_get - (GDK_SELECTION_CLIPBOARD)); - + gchar *text; + + text = gtk_clipboard_wait_for_text (gtk_clipboard_get + (GDK_SELECTION_CLIPBOARD)); + gpgme_data_release (operation->source); if (text) { /* Fill the data from the selection clipboard. */ - err = gpgme_data_new_from_mem (source, text, strlen (text), FALSE); + err = gpgme_data_new_from_mem (&operation->source, + text, strlen (text), TRUE); } else { - /* If the keyboard was empty, create an empty data + /* If the keyboard was empty, create an empty data object. */ - err = gpgme_data_new (source); + err = gpgme_data_new (&operation->source); } if (err) @@ -112,7 +113,7 @@ gpa_import_clipboard_operation_get_source (GpaImportOperation *operation, return TRUE; } -static void +static void gpa_import_clipboard_operation_complete_import (GpaImportOperation *operation) { /* Nothing special to do */ @@ -124,7 +125,7 @@ GpaImportClipboardOperation* gpa_import_clipboard_operation_new (GtkWidget *window) { GpaImportClipboardOperation *op; - + op = g_object_new (GPA_IMPORT_CLIPBOARD_OPERATION_TYPE, "window", window, NULL); diff --git a/src/gpaimportfileop.c b/src/gpaimportfileop.c index 71cb02b..81d7995 100644 --- a/src/gpaimportfileop.c +++ b/src/gpaimportfileop.c 
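Review bot: With the copy flag switched to `TRUE` in `gpgme_data_new_from_mem (&operation->source, text, strlen (text), TRUE)`, gpgme keeps its own copy and the buffer returned by `gtk_clipboard_wait_for_text` remains owned by gpa_import_clipboard_operation_get_source, but no `g_free (text);` is visible in the hunk. Clipboard text offered for import can contain key material, so the buffer should be released right after the data object is created rather than left on the heap. The few lines between this hunk and the next one are not shown, so the free may already be there; please confirm. For consistency with gpa_import_file_operation_get_source, `operation->source = NULL;` could follow `gpgme_data_release (operation->source);` here as well.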
@@ -31,8 +31,7 @@ static GObjectClass *parent_class = NULL; static gboolean -gpa_import_file_operation_get_source (GpaImportOperation *operation, - gpgme_data_t *source); +gpa_import_file_operation_get_source (GpaImportOperation *operation); static void gpa_import_file_operation_complete_import (GpaImportOperation *operation); @@ -121,8 +120,7 @@ gpa_import_file_operation_get_type (void) /* Virtual methods */ static gboolean -gpa_import_file_operation_get_source (GpaImportOperation *operation, - gpgme_data_t *source) +gpa_import_file_operation_get_source (GpaImportOperation *operation) { GpaImportFileOperation *op = GPA_IMPORT_FILE_OPERATION (operation); GtkWidget *dialog; @@ -134,6 +132,9 @@ gpa_import_file_operation_get_source (GpaImportOperation *operation, GTK_FILE_CHOOSER_ACTION_OPEN, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, GTK_STOCK_OPEN, GTK_RESPONSE_OK, NULL); + gpgme_data_release (operation->source); + operation->source = NULL; + /* Run the dialog until there is a valid response. */ do { @@ -145,8 +146,9 @@ gpa_import_file_operation_get_source (GpaImportOperation *operation, (GTK_FILE_CHOOSER (dialog))); } while (response == GTK_RESPONSE_OK - && (op->fd = gpa_open_input - (op->file, source, GPA_OPERATION (op)->window)) == -1); + && (op->fd = gpa_open_input (op->file, + &operation->source, + GPA_OPERATION (op)->window)) == -1); gtk_widget_destroy (dialog); return (response == GTK_RESPONSE_OK); diff --git a/src/gpaimportop.c b/src/gpaimportop.c index 0680a21..6169952 100644 --- a/src/gpaimportop.c +++ b/src/gpaimportop.c 
@@ -51,11 +51,17 @@ static void gpa_import_operation_finalize (GObject *object) { GpaImportOperation *op = GPA_IMPORT_OPERATION (object); + int i; /* Free the data object, if it exists */ - if (op->source) + gpgme_data_release (op->source); + op->source = NULL; + if (op->source2) { - gpgme_data_release (op->source); + for (i=0; op->source2[i]; i++) + gpgme_key_unref (op->source2[i]); + g_free (op->source2); + op->source2 = NULL; } G_OBJECT_CLASS (parent_class)->finalize (object); @@ -65,6 +71,7 @@ static void gpa_import_operation_init (GpaImportOperation *op) { op->source = NULL; + op->source2 = NULL; } static GObject* @@ -162,15 +169,29 @@ gpa_import_operation_idle_cb (gpointer data) { GpaImportOperation *op = data; - if (GPA_IMPORT_OPERATION_GET_CLASS (op)->get_source (op, &op->source)) + if (GPA_IMPORT_OPERATION_GET_CLASS (op)->get_source (op)) { gpg_error_t err; - gpgme_set_protocol (GPA_OPERATION (op)->context->ctx, - is_cms_data_ext (op->source)? - GPGME_PROTOCOL_CMS : GPGME_PROTOCOL_OpenPGP); - err = gpgme_op_import_start (GPA_OPERATION (op)->context->ctx, - op->source); + if (op->source) + { + gpgme_set_protocol (GPA_OPERATION (op)->context->ctx, + is_cms_data_ext (op->source)? + GPGME_PROTOCOL_CMS : GPGME_PROTOCOL_OpenPGP); + err = gpgme_op_import_start (GPA_OPERATION (op)->context->ctx, + op->source); + } + else if (op->source2) + { + /* The only protocol where an array of keys is used in GPA + is OpenPGP. */ + gpgme_set_protocol (GPA_OPERATION (op)->context->ctx, + GPGME_PROTOCOL_OpenPGP); + err = gpgme_op_import_keys_start (GPA_OPERATION (op)->context->ctx, + op->source2); + } + else + err = gpg_error (GPG_ERR_BUG); if (err) { gpa_gpgme_warning (err); @@ -185,6 +206,7 @@ gpa_import_operation_idle_cb (gpointer data) return FALSE; } + static void key_import_results_dialog_run (GtkWidget *parent, gpgme_import_result_t info) 
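Review bot: The loop that unrefs each entry of `op->source2` and then frees the array in gpa_import_operation_finalize is written out again in gpa_import_server_operation_get_source and, for the local `keyarray`, in search_keys (both in src/gpaimportserverop.c). Three copies of reference-counting cleanup drift easily, and a missed `gpgme_key_unref` or a forgotten NULL reset only shows up later as a leak or a double release. A single helper, declared in src/gpaimportop.h and called from all three places, would keep the ownership rule for the NULL-terminated key array in one spot; the name below is only a suggestion.

```c
/* Proposed helper: drop the references held by a NULL-terminated key
   array and free the array itself.  Accepts NULL.  */
void
gpa_import_release_key_array (gpgme_key_t *keys)
{
  int i;

  if (!keys)
    return;
  for (i=0; keys[i]; i++)
    gpgme_key_unref (keys[i]);
  g_free (keys);
}

/* In gpa_import_operation_finalize: */
  gpa_import_release_key_array (op->source2);
  op->source2 = NULL;
/* … unchanged: chain up to the parent finalize … */
```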
@@ -192,35 +214,19 @@ key_import_results_dialog_run (GtkWidget *parent, GtkWidget *dialog; if (info->considered == 0) - { - dialog = gtk_message_dialog_new (GTK_WINDOW (parent), - GTK_DIALOG_MODAL, - GTK_MESSAGE_WARNING, - GTK_BUTTONS_CLOSE, - _("No keys were found.")); - } + gpa_show_warning (parent, _("No keys were found.")); else - { - dialog = gtk_message_dialog_new (GTK_WINDOW (parent), - GTK_DIALOG_MODAL, - GTK_MESSAGE_INFO, - GTK_BUTTONS_CLOSE, - _("%i public keys read\n" - "%i public keys imported\n" - "%i public keys unchanged\n" - "%i secret keys read\n" - "%i secret keys imported\n" - "%i secret keys unchanged"), - info->considered, info->imported, - info->unchanged, info->secret_read, - info->secret_imported, - info->secret_unchanged); - } - - /* Run the dialog */ - gtk_widget_show_all (dialog); - gtk_dialog_run (GTK_DIALOG (dialog)); - gtk_widget_destroy (dialog); + gpa_show_info (parent, + _("%i public keys read\n" + "%i public keys imported\n" + "%i public keys unchanged\n" + "%i secret keys read\n" + "%i secret keys imported\n" + "%i secret keys unchanged"), + info->considered, info->imported, + info->unchanged, info->secret_read, + info->secret_imported, + info->secret_unchanged); } diff --git a/src/gpaimportop.h b/src/gpaimportop.h index ac14b22..19efea8 100644 --- a/src/gpaimportop.h +++ b/src/gpaimportop.h 
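Review bot: `GtkWidget *dialog;` at the top of key_import_results_dialog_run stays declared although this hunk removes every use of it; the declaration should be deleted so the function does not build with an unused-variable warning. The function also dereferences `info->considered` without checking `info`; the caller is outside the hunk, so whether a NULL result can reach this point needs to be confirmed there. The signature of the function lies just above the hunk.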
@@ -41,16 +41,17 @@ typedef struct _GpaImportOperationClass GpaImportOperationClass; struct _GpaImportOperation { GpaOperation parent; - gpgme_data_t source; + gpgme_data_t source; /* Either a data object with the full key */ + gpgme_key_t *source2; /* or an array of key descriptions. */ }; struct _GpaImportOperationClass { GpaOperationClass parent_class; - /* Get the gpgme_data_t from which the keys should be imported. - * Returns FALSE if the operation should be aborted. + /* Get the data from which the keys should be imported. Returns + * FALSE if the operation should be aborted. */ - gboolean (*get_source) (GpaImportOperation *op, gpgme_data_t *source); + gboolean (*get_source) (GpaImportOperation *op); /* Do whatever it takes to complete the import once the gpgme_data_t is * filled. Basically, this sends the data to the server, the clipboard, diff --git a/src/gpaimportserverop.c b/src/gpaimportserverop.c index d1d93a5..fe383a3 100644 --- a/src/gpaimportserverop.c +++ b/src/gpaimportserverop.c @@ -29,11 +29,17 @@ #include "gpaimportserverop.h" #include "server-access.h" +/* The number of keys we allow to import at once. If we have more + than this we terminate the dialog and ask the user to give a better + specification of the key. A better way to do this would be to pop + up a dialog to allow the user to select matching keys. */ +#define MAX_KEYSEARCH_RESULTS 5 + + static GObjectClass *parent_class = NULL; static gboolean -gpa_import_server_operation_get_source (GpaImportOperation *operation, - gpgme_data_t *source); +gpa_import_server_operation_get_source (GpaImportOperation *operation); static void gpa_import_server_operation_complete_import (GpaImportOperation *operation); 
@@ -111,28 +117,132 @@ gpa_import_server_operation_get_type (void) /* Internal */ +/* Search for keys with KEYID. Return true on success and set the + SOURCE2 instance variable. */ +static gboolean +search_keys (GpaImportOperation *operation, const char *keyid) +{ + gpg_error_t err; + gboolean result = FALSE; + gpgme_ctx_t ctx; + gpgme_key_t key; + gpgme_key_t *keyarray; + int i, nkeys; + + if (!keyid || !*keyid) + return FALSE; + + keyarray = g_malloc0_n (MAX_KEYSEARCH_RESULTS + 1, sizeof *keyarray); + + /* We need to use a separate context because the operaion's context + has already been setup and the done signal would relate to the + actual import operation done later. */ + ctx = gpa_gpgme_new (); + gpgme_set_protocol (ctx, GPGME_PROTOCOL_OpenPGP); + /* Switch to extern-only list mode. */ + err = gpgme_set_keylist_mode (ctx, GPGME_KEYLIST_MODE_EXTERN); + if (err) + gpa_gpgme_error (err); + + /* List keys matching the given keyid. Actually all kind of search + specifications can be given. 
*/ + nkeys = 0; + err = gpgme_op_keylist_start (ctx, keyid, 0); + while (!err && !(err = gpgme_op_keylist_next (ctx, &key))) + { + if (nkeys >= MAX_KEYSEARCH_RESULTS) + { + gpa_show_warning (GPA_OPERATION (operation)->window, + _("More than %d keys match your search pattern.\n" + "Use the long keyid or a fingerprint " + "for a better match"), nkeys); + gpgme_key_unref (key); + err = gpg_error (GPG_ERR_TRUNCATED); + break; + } + keyarray[nkeys++] = key; + } + gpgme_op_keylist_end (ctx); + if (gpg_err_code (err) == GPG_ERR_EOF) + err = 0; + + if (!err && !nkeys) + { + gpa_show_warning (GPA_OPERATION (operation)->window, + _("No keys were found.")); + } + else if (!err) + { + operation->source2 = keyarray; + keyarray = NULL; + result = TRUE; + } + else if (gpg_err_code (err) != GPG_ERR_TRUNCATED) + gpa_gpgme_warning (err); + + gpgme_release (ctx); + if (keyarray) + { + for (i=0; keyarray[i]; i++) + gpgme_key_unref (keyarray[i]); + g_free (keyarray); + } + return result; +} + + /* Virtual methods */ static gboolean -gpa_import_server_operation_get_source (GpaImportOperation *operation, - gpgme_data_t *source) +gpa_import_server_operation_get_source (GpaImportOperation *operation) { GpaImportServerOperation *op = GPA_IMPORT_SERVER_OPERATION (operation); - GtkWidget *dialog = gpa_receive_key_dialog_new (GPA_OPERATION (op)->window); + GtkWidget *dialog; GtkResponseType response; gchar *keyid; + int i; + dialog = gpa_receive_key_dialog_new (GPA_OPERATION (op)->window); gtk_widget_show_all (dialog); response = gtk_dialog_run (GTK_DIALOG (dialog)); keyid = g_strdup (gpa_receive_key_dialog_get_id (GPA_RECEIVE_KEY_DIALOG (dialog))); gtk_widget_destroy (dialog); - if (response == GTK_RESPONSE_OK) + /* Better reset the source variables. 
*/ + gpgme_data_release (operation->source); + operation->source = NULL; + if (operation->source2) + { + for (i=0; operation->source2[i]; i++) + gpgme_key_unref (operation->source2[i]); + g_free (operation->source2); + operation->source2 = NULL; + } + + if (response == GTK_RESPONSE_OK && is_gpg_version_at_least ("2.1.0")) + { + /* GnuPG 2.1.0 does not anymore use the keyserver helpers and + thus we need to use the real API for receiving keys. Given + that there is currently no way to create a list of keys from + the keyids to be passed to the import function we run a + --search-keys first to get the list of matching keys and pass + them to the actual import function (which does a --recv-keys). */ + /* Fixme: As with server_get_key (below), this is a blocking + operation. */ + if (search_keys (operation, keyid)) + { + /* Okay, found key(s). */ + g_free (keyid); + return TRUE; + } + } + else if (response == GTK_RESPONSE_OK) { if (server_get_key (gpa_options_get_default_keyserver (gpa_options_get_instance ()), - keyid, source, GPA_OPERATION (op)->window)) + keyid, + &operation->source, GPA_OPERATION (op)->window)) { g_free (keyid); return TRUE; @@ -142,6 +252,7 @@ gpa_import_server_operation_get_source (GpaImportOperation *operation, return FALSE; } + static void gpa_import_server_operation_complete_import (GpaImportOperation *operation) { diff --git a/src/gparecvkeydlg.c b/src/gparecvkeydlg.c index c0cd752..758190e 100644 --- a/src/gparecvkeydlg.c +++ b/src/gparecvkeydlg.c @@ -46,7 +46,7 @@ gpa_receive_key_dialog_get_property (GObject *object, guint prop_id, GValue *value, GParamSpec *pspec) { GpaReceiveKeyDialog *dialog = GPA_RECEIVE_KEY_DIALOG (object); - + switch (prop_id) { case PROP_WINDOW: 
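Review bot: Every key the keyserver returns for the typed pattern goes straight to the import step: search_keys stores up to MAX_KEYSEARCH_RESULTS matches in `operation->source2` and gpa_import_server_operation_get_source returns TRUE without showing them to the user. Since, as the comment in search_keys says, all kinds of search specifications are accepted, a name, e-mail address or short key ID can match keys the user did not ask for, including look-alike keys published by someone else. Listing the user ID and fingerprint of each match and asking for confirmation before `operation->source2 = keyarray;` (the selection dialog the MAX_KEYSEARCH_RESULTS comment already mentions) would close that gap. Separately, a failure of `gpgme_set_keylist_mode` is only reported through `gpa_gpgme_error (err)`; if that call returns, the listing presumably continues without the extern-only mode, so leaving through the cleanup at the end of search_keys would be safer.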
@@ -100,24 +100,34 @@ gpa_receive_key_dialog_init (GpaReceiveKeyDialog *dialog) GTK_RESPONSE_OK, GTK_RESPONSE_CANCEL, -1); - gtk_container_set_border_width (GTK_CONTAINER (GTK_DIALOG (dialog)->vbox),5); + gtk_container_set_border_width (GTK_CONTAINER (GTK_DIALOG (dialog)->vbox),10); gtk_dialog_set_default_response (GTK_DIALOG (dialog), GTK_RESPONSE_OK); - label = gtk_label_new (_("Which key do you want to import? (The key must " + label = gtk_label_new (is_gpg_version_at_least ("2.1.0")? + _("Which key do you want to import?") : + _("Which key do you want to import? (The key must " "be specified by key ID).")); gtk_label_set_line_wrap (GTK_LABEL (label), TRUE); gtk_box_pack_start (GTK_BOX (GTK_DIALOG (dialog)->vbox), label, FALSE, - TRUE, 5); + TRUE, 10); dialog->entry = gtk_entry_new (); - hbox = gtk_hbox_new (0, FALSE); - gtk_box_pack_start (GTK_BOX (GTK_DIALOG (dialog)->vbox), hbox, FALSE, - TRUE, 5); - label = gtk_label_new_with_mnemonic (_("Key _ID:")); - gtk_label_set_mnemonic_widget (GTK_LABEL (label), dialog->entry); - - gtk_box_pack_start_defaults (GTK_BOX (hbox), label); - gtk_box_pack_start_defaults (GTK_BOX (hbox), dialog->entry); + if (is_gpg_version_at_least ("2.1.0")) + { + gtk_box_pack_start (GTK_BOX (GTK_DIALOG (dialog)->vbox), + dialog->entry, FALSE, TRUE, 10); + } + else + { + hbox = gtk_hbox_new (0, FALSE); + gtk_box_pack_start (GTK_BOX (GTK_DIALOG (dialog)->vbox), hbox, FALSE, + TRUE, 10); + label = gtk_label_new_with_mnemonic (_("Key _ID:")); + gtk_label_set_mnemonic_widget (GTK_LABEL (label), dialog->entry); + gtk_box_pack_start_defaults (GTK_BOX (hbox), label); + gtk_box_pack_start_defaults (GTK_BOX (hbox), dialog->entry); + } + } 
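Review bot: The prompt used for GnuPG 2.1.0, `_("Which key do you want to import?")`, no longer says what to type, and that branch also drops the `Key _ID:` mnemonic label, so the entry field has no caption at all. search_keys in src/gpaimportserverop.c tells the user to "Use the long keyid or a fingerprint" only after too many keys matched; stating that in the prompt, for example `_("Which key do you want to import? (Enter a fingerprint or long key ID.)")`, steers users towards an unambiguous identifier from the start. `is_gpg_version_at_least ("2.1.0")` is evaluated twice in this hunk; a local `gboolean` set once would keep the prompt and the layout branch in step. gpa_receive_key_dialog_init begins above the hunk.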
@@ -125,9 +135,9 @@ static void gpa_receive_key_dialog_class_init (GpaReceiveKeyDialogClass *klass) { GObjectClass *object_class = G_OBJECT_CLASS (klass); - + parent_class = g_type_class_peek_parent (klass); - + object_class->finalize = gpa_receive_key_dialog_finalize; object_class->set_property = gpa_receive_key_dialog_set_property; object_class->get_property = gpa_receive_key_dialog_get_property; @@ -135,7 +145,7 @@ gpa_receive_key_dialog_class_init (GpaReceiveKeyDialogClass *klass) /* Properties */ g_object_class_install_property (object_class, PROP_WINDOW, - g_param_spec_object + g_param_spec_object ("window", "Parent window", "Parent window", GTK_TYPE_WIDGET, G_PARAM_WRITABLE|G_PARAM_CONSTRUCT_ONLY)); @@ -146,7 +156,7 @@ GType gpa_receive_key_dialog_get_type (void) { static GType verify_dialog_type = 0; - + if (!verify_dialog_type) { static const GTypeInfo verify_dialog_info = @@ -161,12 +171,12 @@ gpa_receive_key_dialog_get_type (void) 0, /* n_preallocs */ (GInstanceInitFunc) gpa_receive_key_dialog_init, }; - + verify_dialog_type = g_type_register_static (GTK_TYPE_DIALOG, "GpaReceiveKeyDialog", &verify_dialog_info, 0); } - + return verify_dialog_type; } @@ -177,7 +187,7 @@ GtkWidget* gpa_receive_key_dialog_new (GtkWidget *parent) { GpaReceiveKeyDialog *dialog; - + dialog = g_object_new (GPA_RECEIVE_KEY_DIALOG_TYPE, "window", parent, NULL); diff --git a/src/server-access.c b/src/server-access.c index 94fe0ca..18ecdca 100644 --- a/src/server-access.c +++ b/src/server-access.c @@ -18,6 +18,10 @@ along with GPA; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ +/* Note: This is the old code using the keyserver helpers + directly. This code is not used if GnuPG 2.1 is used. */ + + #include #include "gpa.h" 
@@ -58,7 +62,7 @@ /* Internal API */ -/* FIXME: THIS SHOULDN'T BE HERE +/* FIXME: THIS SHOULDN'T BE HERE * The strsep function is not portable, yet parse_keyserver_uri needs it and * I'm too lazy to rewrite it using GLib or ANSI functions, so we copy an * implementation here. If there is no other way around it, this kind or @@ -116,7 +120,7 @@ strsep (char **stringp, const char *delim) #endif /*HAVE_STRSEP*/ /* Code adapted from GnuPG (file g10/keyserver.c) */ -static gboolean +static gboolean parse_keyserver_uri (char *uri, char **scheme, char **host, char **port, char **opaque) { @@ -232,19 +236,19 @@ helper_path (const gchar *scheme) path = g_build_filename (GPA_KEYSERVER_HELPERS_DIR, helper, NULL); g_free (helper); } -#endif +#endif return path; } /* Find out the plugin protocol version */ -static int +static int protocol_version (const gchar *scheme) { gchar *helper[] = {helper_path (scheme), "-V", NULL}; gchar *output = NULL; gint version; - g_spawn_sync (NULL, helper, NULL, G_SPAWN_STDERR_TO_DEV_NULL, NULL, NULL, + g_spawn_sync (NULL, helper, NULL, G_SPAWN_STDERR_TO_DEV_NULL, NULL, NULL, &output, NULL, NULL, NULL); if (output && *output) { @@ -280,7 +284,7 @@ parse_helper_output (const gchar *filename) break; } fclose (file); - + return error; } @@ -327,7 +331,7 @@ error_string (gint error_code) static void write_command (FILE *file, const char *scheme, - const char *host, const char *port, + const char *host, const char *port, const char *opaque, const char *command) { fprintf (file, "%s\n", "VERSION 1"); @@ -353,9 +357,9 @@ write_command (FILE *file, const char *scheme, static GtkWidget * wait_dialog (const gchar *server, GtkWidget *parent) { - GtkWidget *dialog = + GtkWidget *dialog = gtk_message_dialog_new (GTK_WINDOW (parent), - GTK_DIALOG_MODAL | GTK_DIALOG_NO_SEPARATOR, + GTK_DIALOG_MODAL | GTK_DIALOG_NO_SEPARATOR, GTK_MESSAGE_INFO, GTK_BUTTONS_NONE, _("Connecting to server \"%s\".\n" "Please wait."), server); 
@@ -370,7 +374,7 @@ static gboolean check_errors (int exit_status, gchar *error_message, gchar *output_filename, int version, GtkWidget *parent) { - /* Error during connection. Try to parse the output and report the + /* Error during connection. Try to parse the output and report the * error. */ if (version == 0) @@ -381,7 +385,7 @@ check_errors (int exit_status, gchar *error_message, gchar *output_filename, if (exit_status) { gchar *message = g_strdup_printf (_("An error ocurred while " - "contacting the server:\n\n%s"), + "contacting the server:\n\n%s"), error_message); gpa_window_error (message, parent); return TRUE; @@ -401,7 +405,7 @@ check_errors (int exit_status, gchar *error_message, gchar *output_filename, else { gchar *message = g_strdup_printf (_("An error ocurred while " - "contacting the server:\n\n%s"), + "contacting the server:\n\n%s"), error_string (error_code)); gpa_window_error (message, parent); return TRUE; @@ -447,15 +451,15 @@ do_spawn (const gchar *scheme, const gchar *command_filename, /* Invoke the keyserver helper */ #ifdef G_OS_UNIX /* On Unix, run the helper asyncronously, so that we can update the dialog */ - g_spawn_async_with_pipes (NULL, helper_argv, NULL, + g_spawn_async_with_pipes (NULL, helper_argv, NULL, G_SPAWN_STDOUT_TO_DEV_NULL| - G_SPAWN_DO_NOT_REAP_CHILD, + G_SPAWN_DO_NOT_REAP_CHILD, NULL, NULL, &pid, NULL, NULL, &standard_error, &error); #else /* On Windows, use syncronous spawn */ - g_spawn_sync (NULL, helper_argv, NULL, - G_SPAWN_STDOUT_TO_DEV_NULL, NULL, NULL, + g_spawn_sync (NULL, helper_argv, NULL, + G_SPAWN_STDOUT_TO_DEV_NULL, NULL, NULL, NULL, error_output, exit_status, &error); #endif @@ -525,7 +529,7 @@ invoke_helper (const gchar *server, const gchar *scheme, /* Public functions */ -gboolean +gboolean server_send_keys (const gchar *server, const gchar *keyid, gpgme_data_t data, GtkWidget *parent) { 
@@ -552,7 +556,7 @@ server_send_keys (const gchar *server, const gchar *keyid, dump_data_to_file (data, command); fprintf (command, "\nKEY %s END\n", keyid); fclose (command); - success = invoke_helper (server, scheme, command_filename, + success = invoke_helper (server, scheme, command_filename, &output_filename, parent); g_free (keyserver); /* Delete temp files */ @@ -564,7 +568,7 @@ server_send_keys (const gchar *server, const gchar *keyid, return success; } -gboolean +gboolean server_get_key (const gchar *server, const gchar *keyid, gpgme_data_t *data, GtkWidget *parent) { commit 7bf586c3d5fec9c7db12e208361843fcd2b66163 Author: Werner Koch Date: Tue Nov 18 20:08:19 2014 +0100 Add functions gpa_show_info and gpa_show_warning. * src/gtktools.c (gpa_show_info): New. (gpa_show_warning): New. (gpa_window_message, gpa_window_error): Make them wrappers fro the new functions. -- Using the message dialog functions is better than doing it ourselves. Note that a title bar is not anymore show but that is compensate by the fact that these dialogs do not anymore show up in the taskbar. diff --git a/src/gtktools.c b/src/gtktools.c index 973d974..8bf2867 100644 --- a/src/gtktools.c +++ b/src/gtktools.c 
@@ -35,95 +35,65 @@ #include "icons.h" -/* BEGIN of old unchecked code (wk 2008-03-07) */ - -static char * -make_box_title (const char *string) +/* Deprecated - use gpa_show_warning instead. */ +void +gpa_window_error (const gchar *message, GtkWidget *messenger) { - return g_strdup_printf ("%s %s", GPA_NAME, string); + gpa_show_warning (messenger, "%s", message); } +/* Deprecated - use gpa_show_info instead. */ void -gpa_window_error (const gchar *message, GtkWidget *messenger) +gpa_window_message (const gchar *message, GtkWidget * messenger) +{ + gpa_show_info (messenger, "%s", message); +} + + +static void +show_gtk_message (GtkWidget *parent, GtkMessageType mtype, + const char *format, va_list arg_ptr) { - GtkWidget *windowError; - GtkWidget *hboxError; - GtkWidget *labelMessage; - GtkWidget *pixmap; - char *title; - - title = make_box_title (_("Error")); - windowError = gtk_dialog_new_with_buttons (title, - (messenger ? - GTK_WINDOW(messenger) : NULL), - GTK_DIALOG_MODAL, - _("_Close"), - GTK_RESPONSE_CLOSE, - NULL); - g_free (title); - if (messenger) - gtk_window_set_transient_for (GTK_WINDOW (windowError), - GTK_WINDOW (messenger)); - - gtk_container_set_border_width (GTK_CONTAINER (windowError), 5); - gtk_dialog_set_default_response (GTK_DIALOG (windowError), - GTK_RESPONSE_CLOSE); - hboxError = gtk_hbox_new (FALSE, 0); - gtk_container_set_border_width (GTK_CONTAINER (hboxError), 5); - gtk_box_pack_start_defaults (GTK_BOX (GTK_DIALOG (windowError)->vbox), - hboxError); - pixmap = gtk_image_new_from_stock (GTK_STOCK_DIALOG_ERROR, - GTK_ICON_SIZE_DIALOG); - gtk_box_pack_start (GTK_BOX (hboxError), pixmap, TRUE, FALSE, 10); - labelMessage = gtk_label_new (message); - gtk_box_pack_start (GTK_BOX (hboxError), labelMessage, TRUE, FALSE, 10); - - gtk_widget_show_all (windowError); - gtk_dialog_run (GTK_DIALOG (windowError)); - gtk_widget_destroy (windowError); + GtkWidget *dialog; + char *buffer; + + buffer = g_strdup_vprintf (format, arg_ptr); + dialog = 
gtk_message_dialog_new (parent? GTK_WINDOW (parent):NULL, + GTK_DIALOG_MODAL, + mtype, + GTK_BUTTONS_CLOSE, + "%s", buffer); + g_free (buffer); + + gtk_widget_show_all (dialog); + gtk_dialog_run (GTK_DIALOG (dialog)); + gtk_widget_destroy (dialog); } +/* Show a modal info message. */ void -gpa_window_message (gchar * message, GtkWidget * messenger) +gpa_show_info (GtkWidget *parent, const char *format, ...) { - GtkWidget *window; - GtkWidget *hbox; - GtkWidget *labelMessage; - GtkWidget *pixmap; - char *title; - - title = make_box_title (_("Message")); - window = gtk_dialog_new_with_buttons (title, - (messenger ? - GTK_WINDOW(messenger) : NULL), - GTK_DIALOG_MODAL, - _("_Close"), - GTK_RESPONSE_CLOSE, - NULL); - g_free (title); - gtk_container_set_border_width (GTK_CONTAINER (window), 5); - gtk_dialog_set_default_response (GTK_DIALOG (window), - GTK_RESPONSE_CLOSE); - hbox = gtk_hbox_new (FALSE, 0); - gtk_container_set_border_width (GTK_CONTAINER (hbox), 5); - gtk_box_pack_start_defaults (GTK_BOX (GTK_DIALOG (window)->vbox), - hbox); - pixmap = gtk_image_new_from_stock (GTK_STOCK_DIALOG_INFO, - GTK_ICON_SIZE_DIALOG); - gtk_box_pack_start (GTK_BOX (hbox), pixmap, TRUE, FALSE, 10); - labelMessage = gtk_label_new (message); - gtk_box_pack_start (GTK_BOX (hbox), labelMessage, TRUE, FALSE, 10); - - gtk_widget_show_all (window); - gtk_dialog_run (GTK_DIALOG (window)); - gtk_widget_destroy (window); + va_list arg_ptr; + + va_start (arg_ptr, format); + show_gtk_message (parent, GTK_MESSAGE_INFO, format, arg_ptr); + va_end (arg_ptr); } -/* END of old unchecked code (wk 2008-03-07) */ - +/* Show a modal warning message. */ +void +gpa_show_warning (GtkWidget *parent, const char *format, ...) +{ + va_list arg_ptr; + + va_start (arg_ptr, format); + show_gtk_message (parent, GTK_MESSAGE_WARNING, format, arg_ptr); + va_end (arg_ptr); +} /* Set a tooltip TEXT to WIDGET. TEXT and WIDGET may both be NULL. diff --git a/src/gtktools.h b/src/gtktools.h index 3a204ba..41fafc5 100644 
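Review bot: The deprecated `gpa_window_error` wrapper in src/gtktools.c now forwards to `gpa_show_warning`, so every existing error report (for example the "An error ocurred while contacting the server" path in server-access.c) is shown with `GTK_MESSAGE_WARNING` instead of the error icon the removed code used. A third wrapper that passes `GTK_MESSAGE_ERROR` to `show_gtk_message`, with `gpa_window_error` calling it, would keep the old severity. `show_gtk_message` also deserves a short header comment recording that FORMAT is expanded once with `g_strdup_vprintf` and the result is handed to the dialog through a literal `"%s"`, so message text from a keyserver helper is never interpreted as a format string.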
--- a/src/gtktools.h +++ b/src/gtktools.h @@ -23,9 +23,13 @@ #include -extern void gpa_window_error (const gchar * message, GtkWidget * messenger); -extern void gpa_window_message (gchar * message, GtkWidget * messenger); +/* Show a modal info message. */ +void gpa_show_info (GtkWidget *parent, + const char *format, ...) G_GNUC_PRINTF(2,3); +/* Show a modal warning message. */ +void gpa_show_warning (GtkWidget *parent, + const char *format, ...) G_GNUC_PRINTF(2,3); /* Set a tooltip TEXT to WIDGET. TEXT and WIDGET may both be NULL. This function is useful so that GPA can be build with older GTK+ @@ -44,4 +48,10 @@ void gpa_window_set_title (GtkWindow *window, const char *string); +/* Deprecated functions. */ +void gpa_window_error (const gchar * message, GtkWidget * messenger); +void gpa_window_message (const gchar * message, GtkWidget * messenger); + + + #endif /* GTK_TOOLS_H_ */ commit 68b7faa05eb825ead05c27bb42860da8390f3a25 Author: Werner Koch Date: Tue Nov 18 17:03:27 2014 +0100 Do not show the keyserver setting with gnupg 2.1.0. * src/settingsdlg.c (_SettingsDlg): Add field gnupg21. (settings_dlg_init): Init new field. (settings_dlg_constructor): Do not show the keyserver option with gnupg 2.1. (update_show_advanced_options): Skip the keyserver option with 2.1 (keyserver_selected_from_list_cb): Ditto. (check_default_keyserver): Ditto. (load_settings, save_settings): Ditto. diff --git a/src/settingsdlg.c b/src/settingsdlg.c index 66bed62..fe9e529 100644 --- a/src/settingsdlg.c +++ b/src/settingsdlg.c @@ -58,7 +58,8 @@ struct _SettingsDlg { GtkDialog parent; - gboolean modified; /* True is tehre are unsaved changes. */ + gboolean modified; /* True is there are unsaved changes. */ + gboolean gnupg21; /* True if gnupg 2.1.0 or later is in use. */ /* Data for the user interface frame. */ struct { 
@@ -170,7 +171,8 @@ update_show_advanced_options (SettingsDlg *dialog) if (gpa_options_get_show_advanced_options (options)) { #ifdef ENABLE_KEYSERVER_SUPPORT - gtk_widget_show_all (dialog->keyserver.frame); + if (!dialog->gnupg21) + gtk_widget_show_all (dialog->keyserver.frame); #endif /*ENABLE_KEYSERVER_SUPPORT*/ if (dialog->akl.enabled) gtk_widget_show_all (dialog->akl.frame); @@ -178,7 +180,8 @@ update_show_advanced_options (SettingsDlg *dialog) else { #ifdef ENABLE_KEYSERVER_SUPPORT - gtk_widget_hide_all (dialog->keyserver.frame); + if (!dialog->gnupg21) + gtk_widget_hide_all (dialog->keyserver.frame); #endif /*ENABLE_KEYSERVER_SUPPORT*/ if (dialog->akl.enabled) gtk_widget_hide_all (dialog->akl.frame); @@ -353,6 +356,9 @@ keyserver_selected_from_list_cb (SettingsDlg *dialog) { char *text; + if (dialog->gnupg21) + return; + text = gtk_combo_box_get_active_text (dialog->keyserver.combo); g_message ("got `%s'", text); xfree (dialog->keyserver.url); @@ -370,6 +376,9 @@ check_default_keyserver (SettingsDlg *dialog) { keyserver_spec_t kspec; + if (dialog->gnupg21) + return NULL; /* GnuPG manages the keyservers. */ + keyserver_selected_from_list_cb (dialog); if (!dialog->keyserver.url) @@ -728,9 +737,13 @@ load_settings (SettingsDlg *dialog) /* Default keyserver section. */ #ifdef ENABLE_KEYSERVER_SUPPORT - gtk_entry_set_text (GTK_ENTRY - (gtk_bin_get_child (GTK_BIN (dialog->keyserver.combo))), - gpa_options_get_default_keyserver (options)); + if (!dialog->gnupg21) + { + gtk_entry_set_text (GTK_ENTRY + (gtk_bin_get_child + (GTK_BIN (dialog->keyserver.combo))), + gpa_options_get_default_keyserver (options)); + } #endif /*ENABLE_KEYSERVER_SUPPORT*/ /* AKL section. */ 
@@ -758,13 +771,16 @@ save_settings (SettingsDlg *dialog) } #ifdef ENABLE_KEYSERVER_SUPPORT - if ((errwdg = check_default_keyserver (dialog))) + if (!dialog->gnupg21) { - gpa_window_error - (_("The URL given for the keyserver is not valid."), - GTK_WIDGET (dialog)); - gtk_widget_grab_focus (errwdg); - return -1; + if ((errwdg = check_default_keyserver (dialog))) + { + gpa_window_error + (_("The URL given for the keyserver is not valid."), + GTK_WIDGET (dialog)); + gtk_widget_grab_focus (errwdg); + return -1; + } } #endif /*ENABLE_KEYSERVER_SUPPORT*/ @@ -893,7 +909,7 @@ static void settings_dlg_init (SettingsDlg *dialog) { dialog->akl.method_idx = -1; - + dialog->gnupg21 = is_gpg_version_at_least ("2.1.0"); } 
@@ -931,15 +947,21 @@ settings_dlg_constructor (GType type, guint n_construct_properties, frame = default_key_frame (dialog); gtk_box_pack_start_defaults (GTK_BOX (GTK_DIALOG (dialog)->vbox), frame); - /* The default keyserver section. */ + /* The default keyserver section. Note that there is no keyserver + entry if we are using gnupg 2.1. There we do not have the + keyserver helpers anymore and thus the keyservers are to be + enabled in the backend preferences. */ #ifdef ENABLE_KEYSERVER_SUPPORT - frame = default_keyserver_frame (dialog); - gtk_box_pack_start (GTK_BOX (GTK_DIALOG (dialog)->vbox), frame, - FALSE, FALSE, 0); + if (!dialog->gnupg21) + { + frame = default_keyserver_frame (dialog); + gtk_box_pack_start (GTK_BOX (GTK_DIALOG (dialog)->vbox), frame, + FALSE, FALSE, 0); + } #endif /*ENABLE_KEYSERVER_SUPPORT*/ /* The auto key locate section. */ - dialog->akl.enabled = is_gpg_version_at_least ("2.0.10"); + dialog->akl.enabled = dialog->gnupg21; if (dialog->akl.enabled) { frame = auto_key_locate_frame (dialog); ----------------------------------------------------------------------- Summary of changes: src/gpaexportclipop.c | 4 +- src/gpaimportclipop.c | 35 ++++++------- src/gpaimportfileop.c | 14 +++--- src/gpaimportop.c | 78 +++++++++++++++-------------- src/gpaimportop.h | 9 ++-- src/gpaimportserverop.c | 125 ++++++++++++++++++++++++++++++++++++++++++++--- src/gparecvkeydlg.c | 48 +++++++++++------- src/gtktools.c | 120 +++++++++++++++++---------------------------- src/gtktools.h | 14 +++++- src/server-access.c | 42 +++++++++------- src/settingsdlg.c | 58 +++++++++++++++------- 11 files changed, 342 insertions(+), 205 deletions(-) hooks/post-receive -- The GNU Privacy Assistant http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 19 11:30:00 2014 
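Review bot: In settings_dlg_constructor the last changed line replaces `is_gpg_version_at_least ("2.0.10")` with `dialog->akl.enabled = dialog->gnupg21;`, which hides the auto-key-locate frame for every GnuPG from 2.0.10 up to 2.1.0. The commit log only talks about the keyserver option, so this looks like an unintended side effect. If it is, restore `dialog->akl.enabled = is_gpg_version_at_least ("2.0.10");`. If the change is deliberate, it should be listed in the log and explained in the comment above the assignment. The constructor body continues outside the hunk.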
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 19 Nov 2014 11:30:00 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-28-g164a6a9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 164a6a9dd4af26668dd0d01061688bf1ceff44bf (commit) from 9a3ca587613c58b4086a849e2233d1d4a58c17d2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 164a6a9dd4af26668dd0d01061688bf1ceff44bf Author: Werner Koch Date: Wed Nov 19 10:34:32 2014 +0100 gpg-connect-agent: Add convenience option --uiserver. diff --git a/tools/gpg-connect-agent.c b/tools/gpg-connect-agent.c index 8e8ebcb..1d9bb66 100644 --- a/tools/gpg-connect-agent.c +++ b/tools/gpg-connect-agent.c @@ -64,6 +64,7 @@ enum cmd_and_opt_values oDecode, oNoExtConnect, oDirmngr, + oUIServer, oNoAutostart, }; @@ -78,6 +79,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oHex, "hex", N_("print data out hex encoded")), ARGPARSE_s_n (oDecode,"decode", N_("decode received data lines")), ARGPARSE_s_n (oDirmngr,"dirmngr", N_("connect to the dirmngr")), + ARGPARSE_s_n (oUIServer, "uiserver", "@"), ARGPARSE_s_s (oRawSocket, "raw-socket", N_("|NAME|connect to Assuan socket NAME")), ARGPARSE_s_s (oTcpSocket, "tcp-socket", @@ -112,6 +114,7 @@ struct int hex; /* Print data lines in hex format. */ int decode; /* Decode received data lines. */ int use_dirmngr; /* Use the dirmngr and not gpg-agent. */ + int use_uiserver; /* Use the standard UI server. */ const char *raw_socket; /* Name of socket to connect in raw mode. */ const char *tcp_socket; /* Name of server to connect in tcp mode. */ int exec; /* Run the pgm given on the command line. */ 
@@ -1199,6 +1202,7 @@ main (int argc, char **argv) case oHex: opt.hex = 1; break; case oDecode: opt.decode = 1; break; case oDirmngr: opt.use_dirmngr = 1; break; + case oUIServer: opt.use_uiserver = 1; break; case oRawSocket: opt.raw_socket = pargs.r.ret_str; break; case oTcpSocket: opt.tcp_socket = pargs.r.ret_str; break; case oExec: opt.exec = 1; break; @@ -1216,6 +1220,12 @@ main (int argc, char **argv) if (log_get_errorcount (0)) exit (2); + /* --uiserver is a shortcut for a specific raw socket. This comes + in particular handy on Windows. */ + if (opt.use_uiserver) + { + opt.raw_socket = make_absfilename (opt.homedir, "S.uiserver", NULL); + } /* Print a warning if an argument looks like an option. */ if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN)) ----------------------------------------------------------------------- Summary of changes: tools/gpg-connect-agent.c | 10 ++++++++++ 1 file changed, 10 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 19 11:52:43 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 19 Nov 2014 11:52:43 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.1-13-ga9ae0d1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via a9ae0d142864a91d732a8f215e4ccdc791309335 (commit) from 8031341283f4fcb1f226aa6f66bc5a6042586815 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a9ae0d142864a91d732a8f215e4ccdc791309335 Author: Werner Koch Date: Wed Nov 19 10:34:32 2014 +0100 doc: Clarify the FILE command. -- diff --git a/doc/uiserver.texi b/doc/uiserver.texi index 859ae02..16e8f85 100644 
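Review bot: The new block in main overwrites `opt.raw_socket` unconditionally when `--uiserver` is given, so a `--raw-socket NAME` on the same command line is silently discarded and the tool connects to a different socket than the one the user named. Nothing in the hunk rejects the combination with `--dirmngr`, `--tcp-socket` or `--exec` either. A guard before the assignment, such as `if (opt.raw_socket || opt.tcp_socket || opt.use_dirmngr) log_error ("--uiserver conflicts with other connection options\n");`, would make the precedence explicit. Whether `opt.homedir` is already final at this point is not visible in the hunk and should be confirmed, since it decides which `S.uiserver` socket is used.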
--- a/doc/uiserver.texi +++ b/doc/uiserver.texi @@ -226,7 +226,7 @@ before the final OK response: @deffn {Status line} MICALG @var{string} The @var{string} represents the hash algorithm used to create the -signature. It is used with MOSS style signature messages and defined by +signature. It is used with RFC-1847 style signature messages and defined by PGP/MIME (RFC-3156) and S/MIME (RFC-3851). The GPGME library has a supporting function @code{gpgme_hash_algo_name} to return the algorithm name as a string. This string needs to be lowercased and for OpenPGP @@ -368,13 +368,18 @@ message. All file related UI server commands operate on a number of input files or directories, specified by one or more @code{FILE} commands: - at deffn Command FILE @var{name} [--continued] + at deffn Command FILE [--clear] @var{name} Add the file or directory @var{name} to the list of pathnames to be processed by the server. The parameter @var{name} must be an absolute path name (including the drive letter) and is percent espaced (in particular, the characters %, = and white space characters are always -escaped). The option @code{--continued} is present for all but the -last @code{FILE} command. +escaped). If the option @code{--clear} is given, the list of files is +cleared before adding @var{name}. + +Historical note: The original spec did not define @code{--clear} but +the keyword @code{--continued} after the file name to indicate that +more files are to be expected. However, this has never been used and +thus removed from the specs. @end deffn ----------------------------------------------------------------------- Summary of changes: doc/uiserver.texi | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 20 01:46:02 2014 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 20 Nov 2014 01:46:02 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-126-ge613003 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via e6130034506013d6153465a2bedb6fb08a43f74d (commit) from 95eef21583d8e998efc48f22898c1ae31b77cb48 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e6130034506013d6153465a2bedb6fb08a43f74d Author: NIIBE Yutaka Date: Wed Nov 19 15:48:12 2014 +0900 ecc: Improve Montgomery curve implementation. * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Support MPI_EC_MONTGOMERY. * cipher/ecc.c (test_ecdh_only_keys): New. (nist_generate_key): Call test_ecdh_only_keys for MPI_EC_MONTGOMERY. (check_secret_key): Handle Montgomery curve of x-coordinate only. * mpi/ec.c (_gcry_mpi_ec_mul_point): Resize points before the loop. Simplify, using pointers of Q1, Q2, PRD, and SUM. -- diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c index fd47c1d..9975bb4 100644 --- a/cipher/ecc-curves.c +++ b/cipher/ecc-curves.c @@ -530,9 +530,8 @@ _gcry_ecc_fill_in_curve (unsigned int nbits, const char *name, { case MPI_EC_WEIERSTRASS: case MPI_EC_EDWARDS: - break; case MPI_EC_MONTGOMERY: - return GPG_ERR_NOT_SUPPORTED; + break; default: return GPG_ERR_BUG; } diff --git a/cipher/ecc.c b/cipher/ecc.c index 8bdbd56..2f5e401 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c 
@@ -81,6 +81,7 @@ static void *progress_cb_data; /* Local prototypes. */ static void test_keys (ECC_secret_key * sk, unsigned int nbits); +static void test_ecdh_only_keys (ECC_secret_key * sk, unsigned int nbits); static unsigned int ecc_get_nbits (gcry_sexp_t parms); @@ -209,7 +210,10 @@ nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, point_free (&Q); /* Now we can test our keys (this should never fail!). */ - test_keys (sk, nbits - 64); + if (sk->E.model != MPI_EC_MONTGOMERY) + test_keys (sk, nbits - 64); + else + test_ecdh_only_keys (sk, nbits - 64); return 0; } 
@@ -266,6 +270,80 @@ test_keys (ECC_secret_key *sk, unsigned int nbits) } +static void +test_ecdh_only_keys (ECC_secret_key *sk, unsigned int nbits) +{ + ECC_public_key pk; + gcry_mpi_t test; + mpi_point_struct R_; + gcry_mpi_t x0, x1; + mpi_ec_t ec; + + if (DBG_CIPHER) + log_debug ("Testing key.\n"); + + point_init (&R_); + + pk.E = _gcry_ecc_curve_copy (sk->E); + point_init (&pk.Q); + point_set (&pk.Q, &sk->Q); + + if (sk->E.dialect == ECC_DIALECT_ED25519) + { + char *rndbuf; + + test = mpi_new (256); + rndbuf = _gcry_random_bytes (32, GCRY_WEAK_RANDOM); + rndbuf[0] &= 0x7f; /* Clear bit 255. */ + rndbuf[0] |= 0x40; /* Set bit 254. */ + rndbuf[31] &= 0xf8; /* Clear bits 2..0 so that d mod 8 == 0 */ + _gcry_mpi_set_buffer (test, rndbuf, 32, 0); + xfree (rndbuf); + } + else + { + test = mpi_new (nbits); + _gcry_mpi_randomize (test, nbits, GCRY_WEAK_RANDOM); + } + + ec = _gcry_mpi_ec_p_internal_new (pk.E.model, pk.E.dialect, 0, + pk.E.p, pk.E.a, pk.E.b); + x0 = mpi_new (0); + x1 = mpi_new (0); + + /* R_ = hkQ <=> R_ = hkdG */ + _gcry_mpi_ec_mul_point (&R_, test, &pk.Q, ec); + if (sk->E.dialect != ECC_DIALECT_ED25519) + _gcry_mpi_ec_mul_point (&R_, ec->h, &R_, ec); + if (_gcry_mpi_ec_get_affine (x0, NULL, &R_, ec)) + log_fatal ("ecdh: Failed to get affine coordinates for hkQ\n"); + + _gcry_mpi_ec_mul_point (&R_, test, &pk.E.G, ec); + _gcry_mpi_ec_mul_point (&R_, sk->d, &R_, ec); + /* R_ = hdkG */ + if (sk->E.dialect != ECC_DIALECT_ED25519) + _gcry_mpi_ec_mul_point (&R_, ec->h, &R_, ec); + + if (_gcry_mpi_ec_get_affine (x1, NULL, &R_, ec)) + log_fatal ("ecdh: Failed to get affine coordinates for hdkG\n"); + + if (mpi_cmp (x0, x1)) + { + log_fatal ("ECDH test failed.\n"); + } + + mpi_free (x0); + mpi_free (x1); + _gcry_mpi_ec_free (ec); + + point_free (&pk.Q); + _gcry_ecc_curve_free (&pk.E); + + point_free (&R_); + mpi_free (test); +} + + /* * To check the validity of the value, recalculate the correspondence * between the public value and the secret one. 
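Review bot: `test_ecdh_only_keys` is added without a header comment, unlike the functions around it. Its contract is not obvious from the body: for a random scalar k it checks that k*Q and d*(k*G) have the same x-coordinate and calls `log_fatal` otherwise. I would add `/* Check a key usable for ECDH only: for a random scalar k, k*Q and d*(k*G) must agree in their x-coordinate. */` above it. Both random draws use `GCRY_WEAK_RANDOM`; a one-line why-comment at the `_gcry_random_bytes` call, along the lines of `/* Throw-away test scalar, not key material. */` if that is the reasoning, would stop the pattern being copied into key generation. The `ECC_DIALECT_ED25519` branch should also say why the cofactor multiplication by `ec->h` is skipped there (presumably because the scalar is already forced to a multiple of 8).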
@@ -281,7 +359,10 @@ check_secret_key (ECC_secret_key *sk, mpi_ec_t ec, int flags) point_init (&Q); x1 = mpi_new (0); - y1 = mpi_new (0); + if (ec->model == MPI_EC_MONTGOMERY) + y1 = NULL; + else + y1 = mpi_new (0); /* G in E(F_p) */ if (!_gcry_mpi_ec_curve_point (&sk->E.G, ec)) @@ -338,7 +419,7 @@ check_secret_key (ECC_secret_key *sk, mpi_ec_t ec, int flags) else if (!mpi_cmp_ui (sk->Q.z, 1)) { /* Fast path if Q is already in affine coordinates. */ - if (mpi_cmp (x1, sk->Q.x) || mpi_cmp (y1, sk->Q.y)) + if (mpi_cmp (x1, sk->Q.x) || (!y1 && mpi_cmp (y1, sk->Q.y))) { if (DBG_CIPHER) log_debug @@ -1581,7 +1662,7 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparms) char buf[30]; if (idx == 5) - continue; /* Skip cofactor. */ + continue; /* Skip cofactor. */ if (mpi_is_opaque (values[idx])) { diff --git a/mpi/ec.c b/mpi/ec.c index 80f3b22..0b7c7a7 100644 --- a/mpi/ec.c +++ b/mpi/ec.c @@ -1251,7 +1251,9 @@ _gcry_mpi_ec_mul_point (mpi_point_t result, unsigned int nbits; int j; mpi_point_struct p1_, p2_; + mpi_point_t q1, q2, prd, sum; unsigned long sw; + size_t nlimbs; /* Compute scalar point multiplication with Montgomery Ladder. Note that we don't use Y-coordinate in the points at all. 
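Review bot: The y-coordinate test added to the affine fast path of check_secret_key (hunk -338,7 +419,7) is inverted. `(!y1 && mpi_cmp (y1, sk->Q.y))` passes a NULL `y1` to mpi_cmp in the Montgomery case that the first hunk introduces. For every other curve model `!y1` is false, so the y-coordinate of Q is no longer compared at all. That reduces the secret-key consistency check for Weierstrass and Edwards keys to an x-only match. The line should read `if (mpi_cmp (x1, sk->Q.x) || (y1 && mpi_cmp (y1, sk->Q.y)))`. The function continues outside these hunks, so any later use of `y1` there needs the same NULL guard.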
@@ -1267,27 +1269,35 @@ _gcry_mpi_ec_mul_point (mpi_point_t result, p2.x = mpi_copy (point->x); mpi_set_ui (p2.z, 1); + nlimbs = 2*(nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB+1; + mpi_resize (p1.x, nlimbs); + mpi_resize (p1.z, nlimbs); + mpi_resize (p2.x, nlimbs); + mpi_resize (p2.z, nlimbs); + mpi_resize (p1_.x, nlimbs); + mpi_resize (p1_.z, nlimbs); + mpi_resize (p2_.x, nlimbs); + mpi_resize (p2_.z, nlimbs); + + q1 = &p1; + q2 = &p2; + prd = &p1_; + sum = &p2_; + for (j=nbits-1; j >= 0; j--) { - sw = mpi_test_bit (scalar, j); - mpi_swap_cond (p1.x, p2.x, sw); - mpi_swap_cond (p1.z, p2.z, sw); - montgomery_ladder (&p1_, &p2_, &p1, &p2, point->x, ctx); - mpi_swap_cond (p1_.x, p2_.x, sw); - mpi_swap_cond (p1_.z, p2_.z, sw); - - if (--j < 0) - break; + mpi_point_t t; sw = mpi_test_bit (scalar, j); - mpi_swap_cond (p1_.x, p2_.x, sw); - mpi_swap_cond (p1_.z, p2_.z, sw); - montgomery_ladder (&p1, &p2, &p1_, &p2_, point->x, ctx); - mpi_swap_cond (p1.x, p2.x, sw); - mpi_swap_cond (p1.z, p2.z, sw); + mpi_swap_cond (q1->x, q2->x, sw); + mpi_swap_cond (q1->z, q2->z, sw); + montgomery_ladder (prd, sum, q1, q2, point->x, ctx); + mpi_swap_cond (prd->x, sum->x, sw); + mpi_swap_cond (prd->z, sum->z, sw); + t = q1; q1 = prd; prd = t; + t = q2; q2 = sum; sum = t; } - z1 = mpi_new (0); mpi_clear (result->y); sw = (nbits & 1); mpi_swap_cond (p1.x, p1_.x, sw); 
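Review bot: The `nlimbs` computation and the eight `mpi_resize` calls in the Montgomery branch of _gcry_mpi_ec_mul_point carry no comment. The expression `2*(nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB+1` is also easy to misread because it doubles before it divides. Presumably the pre-sizing exists so that `mpi_swap_cond` always sees operands of equal allocated size and nothing is reallocated inside the ladder. A comment such as `/* Pre-size all ladder coordinates so the conditional swaps operate on equal limb counts. */` would record that. Where `nbits` is set is outside the hunk. If it is the bit length of the scalar rather than of the field prime, both the buffer sizes and the loop count depend on the secret scalar, which is worth confirming against the lines above.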
@@ -1300,12 +1310,13 @@ _gcry_mpi_ec_mul_point (mpi_point_t result, } else { + z1 = mpi_new (0); ec_invm (z1, p1.z, ctx); ec_mulm (result->x, p1.x, z1, ctx); mpi_set_ui (result->z, 1); + mpi_free (z1); } - mpi_free (z1); point_free (&p1); point_free (&p2); point_free (&p1_); ----------------------------------------------------------------------- Summary of changes: cipher/ecc-curves.c | 3 +- cipher/ecc.c | 89 ++++++++++++++++++++++++++++++++++++++++++++++++--- mpi/ec.c | 43 ++++++++++++++++--------- 3 files changed, 113 insertions(+), 22 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 20 12:17:34 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 20 Nov 2014 12:17:34 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-29-gcd2c6f3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via cd2c6f36fe5d1d1d45546f5168aead5cbe6487e0 (commit) from 164a6a9dd4af26668dd0d01061688bf1ceff44bf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cd2c6f36fe5d1d1d45546f5168aead5cbe6487e0 Author: Werner Koch Date: Wed Nov 19 10:34:32 2014 +0100 Fix linker problem on OS X. * common/init.c (default_errsource): Move to the .data segmemt. -- See mails starting at http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029089.html diff --git a/common/init.c b/common/init.c index 1cbd709..2d5d630 100644 --- a/common/init.c +++ b/common/init.c 
@@ -67,8 +67,11 @@ static mem_cleanup_item_t mem_cleanup_list; /* The default error source of the application. This is different from GPG_ERR_SOURCE_DEFAULT in that it does not depend on the - source file and thus is usable in code shared by applications. */ -gpg_err_source_t default_errsource; + source file and thus is usable in code shared by applications. + Note that we need to initialize it because otherwise some linkers + (OS X at least) won't find the symbol when linking the t-*.c + files. */ +gpg_err_source_t default_errsource = 0; #ifdef HAVE_W32CE_SYSTEM @@ -145,7 +148,7 @@ writestring_via_estream (int mode, const char *string) void _init_common_subsystems (gpg_err_source_t errsource, int *argcp, char ***argvp) { - /* Store the error source in a gloabl variable. */ + /* Store the error source in a global variable. */ default_errsource = errsource; atexit (run_mem_cleanup); ----------------------------------------------------------------------- Summary of changes: common/init.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 20 20:08:55 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 20 Nov 2014 20:08:55 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-30-gf80c2dd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f80c2dd78d522f12b2c7afbd5c0763a97d87d2bd (commit) from cd2c6f36fe5d1d1d45546f5168aead5cbe6487e0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f80c2dd78d522f12b2c7afbd5c0763a97d87d2bd Author: Werner Koch Date: Wed Nov 19 10:34:32 2014 +0100 gpg: Fix hash detection for ECDSA. * g10/sign.c (sign_file): Use DSA or ECDSA and not DSA|EdDSA. -- This error was introduced with commit b7f8dec6325f1c80640f878ed3080bbc194fbc78 while separating EdDSA from ECDSA. Found due to a related bug report from Brian Minton. Signed-off-by: Werner Koch diff --git a/g10/sign.c b/g10/sign.c index e7d4a68..2e62f04 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -899,13 +899,12 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { if (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_DSA - || (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_EDDSA - && !openpgp_oid_is_ed25519 (sk_rover->pk->pkey[1]))) + || sk_rover->pk->pubkey_algo == PUBKEY_ALGO_ECDSA) { int temp_hashlen = (gcry_mpi_get_nbits (sk_rover->pk->pkey[1])); - if (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_EDDSA) + if (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_ECDSA) temp_hashlen = ecdsa_qbits_from_Q (temp_hashlen); temp_hashlen = (temp_hashlen+7)/8; 
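Review bot: The corrected condition in sign_file still reads `pkey[1]` for both algorithms without saying what that slot holds. The regression this commit fixes came from exactly this block being edited mechanically. As far as the hunk shows, `pkey[1]` is used directly as the group size for DSA, while for ECDSA its bit count has to go through `ecdsa_qbits_from_Q` first. A comment above the `if` would make that explicit, for example `/* DSA: pkey[1] is q. ECDSA: pkey[1] is the encoded point Q, so derive the group size from its length. */` (wording to be confirmed against the key layout). This matters because the value feeds the digest-length hint that selects the signing hash. The function starts and ends outside the hunk.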
@@ -915,7 +914,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, if (hint.digest_lengthpk->is_protected */ /* && sk_rover->pk->protect.s2k.mode == 1002) */ /* smartcard = 1; */ ----------------------------------------------------------------------- Summary of changes: g10/sign.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 20 21:07:04 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 20 Nov 2014 21:07:04 +0100 Subject: [git] GPA - branch, master, updated. gpa-0.9.4-49-g1ffb7d1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Assistant". The branch, master has been updated via 1ffb7d173b4268b61e2f955b3335ed37901e010c (commit) via 6e9fd523f7caf5508dfeabf4e53132cbac43d6a8 (commit) from ac007f3204c06b3cb4b272fd1de17baa4d589ae8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1ffb7d173b4268b61e2f955b3335ed37901e010c Author: Werner Koch Date: Wed Nov 19 10:34:32 2014 +0100 po: Update German translation -- Still 10 strings are not translated - they are mainly for the Telesec card - I am not inclinced to help them for free. diff --git a/po/de.po b/po/de.po index 0b5886f..fdb8ffe 100644 --- a/po/de.po +++ b/po/de.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: gpa\n" "Report-Msgid-Bugs-To: gpa-dev at gnupg.org\n" -"PO-Revision-Date: 2014-01-07 23:06+0100\n" +"PO-Revision-Date: 2014-11-20 15:46+0100\n" "Last-Translator: Werner Koch \n" "Language-Team: German \n" "Language: de\n" 
@@ -269,9 +269,8 @@ msgstr "Zwischenablage ?ffnen" msgid "Open the settings dialog" msgstr "?ffne den Dialog f?r die Einstellungen" -#, fuzzy msgid "Only start the UI server" -msgstr "Den UI Server aktivieren" +msgstr "Nur den UI Server starten" msgid "Disable support for X.509" msgstr "Keine Unterst?tzung von X.509" @@ -280,7 +279,7 @@ msgid "Read options from file" msgstr "Optionen aus einer Datei lesen" msgid "Do not connect to a running instance" -msgstr "" +msgstr "Nicht mit einem laufenden GPA verbinden" msgid "[FILE...]" msgstr "[DATEI...]" @@ -335,9 +334,9 @@ msgstr "Beim Erstellen der Datensicherung ist ein Fehler aufgetreten." msgid "Backup key to file" msgstr "_Sicherheitskopie des Schl?ssels in Datei:" -#, fuzzy, c-format +#, c-format msgid "Generating backup of key: 0x%s" -msgstr "Sicherheitskopie von Schl?ssel %s erstellen" +msgstr "Sicherheitskopie von Schl?ssel 0x%s wird erstellt" msgid "The keys have been copied to the clipboard." msgstr "Die Schl?ssel wurden in die Zwischenablage kopiert." @@ -353,7 +352,7 @@ msgid "The keys have been exported to %s." msgstr "Die Schl?ssel wurden exportiert nach %s." msgid "Only keys of the same procotol may be exported as a collection." -msgstr "" +msgstr "Nur Schl?ssel eines Protokolls k?nnen zusammen exportiert werden" #, c-format msgid "" 
@@ -463,24 +462,16 @@ msgstr "Schl?ssel erzeugen..." msgid "Import keys from file" msgstr "Zertifikate aus Datei importieren" -msgid "No keys were found." -msgstr "Es wurde kein Schl?ssel gefunden." - #, c-format msgid "" -"%i public keys read\n" -"%i public keys imported\n" -"%i public keys unchanged\n" -"%i secret keys read\n" -"%i secret keys imported\n" -"%i secret keys unchanged" +"More than %d keys match your search pattern.\n" +"Use the long keyid or a fingerprint for a better match" msgstr "" -"%i ?ffentliche Schl?ssel gelesen\n" -"%i ?ffentliche Schl?ssel importiert\n" -"%i ?ffentliche Schl?ssel unver?ndert\n" -"%i geheime Schl?ssel gelesen\n" -"%i geheime Schl?ssel importiert\n" -"%i geheime Schl?ssel unver?ndert" +"Mehr als %d Schl?ssel entsprechen Ihren Suchkriterien.\n" +"Benutzen Sie die lange Schl?sselkennung oder den Fingerprint f?r eine verfeinerte Suche." + +msgid "No keys were found." +msgstr "Es wurde kein Schl?ssel gefunden." msgid "" "Invalid time given.\n" @@ -507,6 +498,9 @@ msgstr "Dieser Schl?ssel ist bereits mit Ihrem eigenen Schl?ssel signiert." msgid "You haven't selected a default key to sign with!" msgstr "Kein Standardschl?ssel zum Signieren ausgew?hlt." +msgid "Which key do you want to import?" +msgstr "Welchen Schl?ssel m?chten Sie importieren?" + msgid "Which key do you want to import? (The key must be specified by key ID)." msgstr "Welchen Schl?ssel m?chten Sie importieren? (Schl?sselkennung angeben)" 
@@ -540,47 +534,44 @@ msgstr "Kennung des untergeordneten Schl?ssels" msgid "Status" msgstr "G?ltigkeit der Beglaubigung" -#, fuzzy msgid "Algo" -msgstr "_Verschl?sselungsalgorithmus" +msgstr "Algo" msgid "Size" msgstr "Gr??e" -#, fuzzy msgid "Created" -msgstr "Erstellen" +msgstr "Erstellt" -#, fuzzy msgid "Expires" -msgstr "Abgelaufen" +msgstr "L?uft ab" msgid "S" -msgstr "" +msgstr "S" msgid "Can sign" msgstr "Zum Signieren verwendbar" msgid "C" -msgstr "" +msgstr "Z" msgid "Can certify" msgstr "Zum ?berpr?fen verwendbar" msgid "E" -msgstr "" +msgstr "V" msgid "Can encrypt" msgstr "Zum Verschl?sseln verwendbar" msgid "A" -msgstr "" +msgstr "A" msgid "Can authenticate" msgstr "Zum Authentifizieren verwendbar" msgid "T" -msgstr "" +msgstr "T" msgid "Secret key stored on a smartcard." msgstr "Geheimer Schl?ssel befindet sich auf einer Smartcard" @@ -862,8 +853,32 @@ msgstr "Der Schl?ssel ist ausschlie?lich zum Verschl?sseln verwendbar." msgid "This key is useless." msgstr "Dieser Schl?ssel ist nicht verwendbar." -msgid "A required engine component is not installed." +#, c-format +msgid "" +"%u file(s) read\n" +"%u file(s) with errors" +msgstr "" +"%u Datei(en) gelesen\n" +"%u Datei(en) mit Fehlern" + +#, c-format +msgid "" +"%i public keys read\n" +"%i public keys imported\n" +"%i public keys unchanged\n" +"%i secret keys read\n" +"%i secret keys imported\n" +"%i secret keys unchanged" msgstr "" +"%i ?ffentliche Schl?ssel gelesen\n" +"%i ?ffentliche Schl?ssel importiert\n" +"%i ?ffentliche Schl?ssel unver?ndert\n" +"%i geheime Schl?ssel gelesen\n" +"%i geheime Schl?ssel importiert\n" +"%i geheime Schl?ssel unver?ndert" + +msgid "A required engine component is not installed." +msgstr "Eine notwendige Krypto-Engine ist nicht installiert" msgid "Calling the crypto engine program failed." msgstr "Aufruf der Crypto-Engine fehlgeschlagen." 
@@ -886,12 +901,6 @@ msgstr "Die Email Adresse ist nicht g?ltig." msgid "Invalid character in comments." msgstr "Ung?ltige Zeichen im Kommentarfeld." -msgid "Error" -msgstr "Fehler" - -msgid "Message" -msgstr "Meldung" - msgid "GPA is the GNU Privacy Assistant." msgstr "GPA ist der GNU Privacy Assistant" @@ -1130,9 +1139,8 @@ msgstr "" "Die Schl?sselkennung (Key ID) is eine kurze Zahl zur Identifizerung eines " "Zertifikats." -#, fuzzy msgid "The Creation Date is the date the certificate was created." -msgstr "Das Ablaufdatum ist das Datum bis zu dem das Zertifikat g?ltig ist." +msgstr "Das Erstellungsdatum ist das Datum ab dem das Zertifikat g?ltig ist." msgid "The Expiry Date is the date until the certificate is valid." msgstr "Das Ablaufdatum ist das Datum bis zu dem das Zertifikat g?ltig ist." @@ -1389,6 +1397,12 @@ msgid "" "Please install a CMS engine or invoke this program\n" "with the option --disable-x509 ." msgstr "" +"Anscheinend ist keine CMS Crypto-Engine installiert.\n" +"\n" +"Unterst?tztung f?r X.509 wird vorerst ausgeschaltet.\n" +"\n" +"Bitte installieren Sie eine CMS Crypto-Engine oder starten\n" +"Sie dieses Programm mit der Option --disable-x509 ." msgid "" "The private key you selected as default is no longer available.\n" @@ -2253,6 +2267,12 @@ msgstr "" "k?nnen jedoch mit dem Knopf zur Anwendungsauswahl auf eine andere, auf der " "Karte verf?gbare, Anwendung umschalten." +#~ msgid "Error" +#~ msgstr "Fehler" + +#~ msgid "Message" +#~ msgstr "Meldung" + #~ msgid "[S]" #~ msgstr "[S]" 
@@ -2336,7 +2356,6 @@ msgstr "" #~ msgid "Keyring Editor" #~ msgstr "Schl?sselverwaltung" -#, fuzzy #~ msgid "Generate new key..." #~ msgstr "Neuen Schl?ssel erzeugen..." commit 6e9fd523f7caf5508dfeabf4e53132cbac43d6a8 Author: Werner Koch Date: Wed Nov 19 10:34:32 2014 +0100 Implement the IMPORT_FILES server command. * src/server.c (cmd_file): Remove --continued stuff and add --clear. (conn_ctrl_s): Remove field files_finished. (impl_encrypt_sign_files): Adjust for this. (impl_decrypt_verify_files): Ditto. * src/server.c (impl_encrypt_sign_files): Add import feature. (cmd_import_files): Implement. * src/gpgmetools.h (gpa_import_result_s): New. * src/gpgmetools.c (gpa_gpgme_update_import_results): New. (gpa_gpgme_show_import_results): New. * src/gpaimportop.c (key_import_results_dialog_run): Remove. (gpa_import_operation_done_cb): Use new functions. * src/gpafileimportop.c, src/gpafileimportop.h: New. -- The error and progress handling is not very pretty; this should be improved similar to the verify command. diff --git a/src/Makefile.am b/src/Makefile.am index d961144..9a2a408 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -154,6 +154,7 @@ gpa_SOURCES = \ gpafileencryptop.h gpafileencryptop.c \ gpafilesignop.h gpafilesignop.c \ gpafileverifyop.h gpafileverifyop.c \ + gpafileimportop.h gpafileimportop.c \ gpakeyop.h gpakeyop.c \ gpakeydeleteop.h gpakeydeleteop.c \ gpakeysignop.h gpakeysignop.c \ diff --git a/src/gpafileimportop.c b/src/gpafileimportop.c new file mode 100644 index 0000000..4cc0dc1 --- /dev/null +++ b/src/gpafileimportop.c 
@@ -0,0 +1,311 @@ +/* gpafileimportop.c - Import keys from a file. + Copyright (C) 2003 Miguel Coca. + Copyright (C) 2008, 2014 g10 Code GmbH. + + This file is part of GPA. + + GPA is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + GPA is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, see . */ + +#ifdef HAVE_CONFIG_H +# include +#endif + +#include + +#ifdef G_OS_UNIX +#include +#include +#include +#else +#include +#endif + +#include "gpa.h" +#include "gtktools.h" +#include "gpgmetools.h" +#include "filetype.h" +#include "gpafileimportop.h" + + +/* Internal functions */ +static gboolean gpa_file_import_operation_idle_cb (gpointer data); +static void gpa_file_import_operation_done_error_cb (GpaContext *context, + gpg_error_t err, + GpaFileImportOperation *op); +static void gpa_file_import_operation_done_cb (GpaContext *context, + gpg_error_t err, + GpaFileImportOperation *op); + +/* GObject */ + +static GObjectClass *parent_class = NULL; + +static void +gpa_file_import_operation_finalize (GObject *object) +{ + /* GpaFileImportOperation *op = GPA_FILE_IMPORT_OPERATION (object); */ + + G_OBJECT_CLASS (parent_class)->finalize (object); +} + + +static void +gpa_file_import_operation_init (GpaFileImportOperation *op) +{ + memset (&op->counters, 0, sizeof op->counters); +} + + +static GObject* +gpa_file_import_operation_constructor (GType type, + guint n_construct_properties, + GObjectConstructParam *construct_properties) +{ + GObject *object; + GpaFileImportOperation *op; + + /* Invoke parent's constructor */ + 
object = parent_class->constructor (type, + n_construct_properties, + construct_properties); + op = GPA_FILE_IMPORT_OPERATION (object); + /* Initialize */ + /* Start with the first file after going back into the main loop */ + g_idle_add (gpa_file_import_operation_idle_cb, op); + /* Connect to the "done" signal */ + g_signal_connect (G_OBJECT (GPA_OPERATION (op)->context), "done", + G_CALLBACK (gpa_file_import_operation_done_error_cb), op); + g_signal_connect (G_OBJECT (GPA_OPERATION (op)->context), "done", + G_CALLBACK (gpa_file_import_operation_done_cb), op); + /* Give a title to the progress dialog */ + gtk_window_set_title (GTK_WINDOW (GPA_FILE_OPERATION (op)->progress_dialog), + _("Importing...")); + + return object; +} + + +static void +gpa_file_import_operation_class_init (GpaFileImportOperationClass *klass) +{ + GObjectClass *object_class = G_OBJECT_CLASS (klass); + + parent_class = g_type_class_peek_parent (klass); + + object_class->constructor = gpa_file_import_operation_constructor; + object_class->finalize = gpa_file_import_operation_finalize; +} + + +GType +gpa_file_import_operation_get_type (void) +{ + static GType file_import_operation_type = 0; + + if (!file_import_operation_type) + { + static const GTypeInfo file_import_operation_info = + { + sizeof (GpaFileImportOperationClass), + (GBaseInitFunc) NULL, + (GBaseFinalizeFunc) NULL, + (GClassInitFunc) gpa_file_import_operation_class_init, + NULL, /* class_finalize */ + NULL, /* class_data */ + sizeof (GpaFileImportOperation), + 0, /* n_preallocs */ + (GInstanceInitFunc) gpa_file_import_operation_init + }; + + file_import_operation_type = g_type_register_static + (GPA_FILE_OPERATION_TYPE, "GpaFileImportOperation", + &file_import_operation_info, 0); + } + + return file_import_operation_type; +} + + +/* API */ + + +GpaFileImportOperation* +gpa_file_import_operation_new (GtkWidget *window, GList *files) +{ + GpaFileImportOperation *op; + + op = g_object_new (GPA_FILE_IMPORT_OPERATION_TYPE, + "window", 
window, + "input_files", files, + NULL); + + return op; +} + + +/* Internal */ + + +static gboolean +proc_one_file (GpaFileImportOperation *op, gpa_file_item_t file_item) +{ + gpg_error_t err; + int fd; + gpgme_data_t data; + + if (file_item->direct_in) + { + /* No copy is made. */ + err = gpgme_data_new_from_mem (&data, file_item->direct_in, + file_item->direct_in_len, 0); + if (err) + { + gpa_gpgme_warning (err); + return FALSE; + } + + gpgme_set_protocol (GPA_OPERATION (op)->context->ctx, + is_cms_data (file_item->direct_in, + file_item->direct_in_len) ? + GPGME_PROTOCOL_CMS : GPGME_PROTOCOL_OpenPGP); + } + else + { + const char *filename = file_item->filename_in; + + fd = gpa_open_input (filename, &data, GPA_OPERATION (op)->window); + if (fd == -1) + return FALSE; + + gpgme_set_protocol (GPA_OPERATION (op)->context->ctx, + is_cms_file (filename) ? + GPGME_PROTOCOL_CMS : GPGME_PROTOCOL_OpenPGP); + } + + + /* Start importing one file. */ + err = gpgme_op_import_start (GPA_OPERATION (op)->context->ctx, data); + if (err) + { + gpa_gpgme_warning (err); + return FALSE; + } + + /* Show and update the progress dialog */ + gtk_widget_show_all (GPA_FILE_OPERATION (op)->progress_dialog); + gpa_progress_dialog_set_label (GPA_PROGRESS_DIALOG + (GPA_FILE_OPERATION (op)->progress_dialog), + file_item->direct_name + ? file_item->direct_name + : file_item->filename_in); + + return TRUE; +} + + +static void +gpa_file_import_operation_next (GpaFileImportOperation *op) +{ + if (!GPA_FILE_OPERATION (op)->current + || !proc_one_file (op, GPA_FILE_OPERATION (op)->current->data)) + { + /* Finished all files. 
*/ + gtk_widget_hide (GPA_FILE_OPERATION (op)->progress_dialog); + if (op->counters.imported > 0) + { + if (op->counters.secret_imported) + g_signal_emit_by_name (GPA_OPERATION (op), "imported_secret_keys"); + else + g_signal_emit_by_name (GPA_OPERATION (op), "imported_keys"); + } + gpa_gpgme_show_import_results (GPA_OPERATION (op)->window, &op->counters); + } +} + + +static gboolean +gpa_file_import_operation_idle_cb (gpointer data) +{ + GpaFileImportOperation *op = data; + + gpa_file_import_operation_next (op); + + return FALSE; +} + + +static void +gpa_file_import_operation_done_cb (GpaContext *context, + gpg_error_t err, + GpaFileImportOperation *op) +{ + if (err) + { + gpa_gpgme_update_import_results (&op->counters, 1, 1, NULL); + } + else + { + gpgme_import_result_t res; + + res = gpgme_op_import_result (GPA_OPERATION (op)->context->ctx); + gpa_gpgme_update_import_results (&op->counters, 1, 0, res); + + } + + if (gpg_err_code (err) != GPG_ERR_CANCELED) + { + /* Go to the next file in the list and import it. */ + GPA_FILE_OPERATION (op)->current = (g_list_next + (GPA_FILE_OPERATION (op)->current)); + gpa_file_import_operation_next (op); + } +} + + +static void +gpa_file_import_operation_done_error_cb (GpaContext *context, gpg_error_t err, + GpaFileImportOperation *op) +{ + gpa_file_item_t file_item = GPA_FILE_OPERATION (op)->current->data; + + /* FIXME: Add the errors to a list and show a dialog with all import + errors, similar to the verify status. */ + switch (gpg_err_code (err)) + { + case GPG_ERR_NO_ERROR: + case GPG_ERR_CANCELED: + /* Ignore these */ + break; + + case GPG_ERR_NO_DATA: + gpa_show_warning (GPA_OPERATION (op)->window, + file_item->direct_name + ? _("\"%s\" contained no OpenPGP data.") + : _("The file \"%s\" contained no OpenPGP" + "data."), + file_item->direct_name + ? 
file_item->direct_name + : file_item->filename_in); + break; + + default: + gpa_show_warning (GPA_OPERATION (op)->window, + _("Error importing \"%s\": %s <%s>"), + file_item->direct_name + ? file_item->direct_name + : file_item->filename_in, + gpg_strerror (err), gpg_strsource (err)); + break; + } +} diff --git a/src/gpafileimportop.h b/src/gpafileimportop.h new file mode 100644 index 0000000..8da190c --- /dev/null +++ b/src/gpafileimportop.h 
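Review bot: In proc_one_file the descriptor returned by gpa_open_input() and the gpgme data object live only in the locals `fd` and `data`, so nothing visible in this file can close or release them, neither when gpgme_op_import_start() fails nor in gpa_file_import_operation_done_cb after the import has finished. Each file passed to IMPORT_FILES over the UI server therefore appears to cost one descriptor and one data object until the process exits. The failure path can be fixed locally with `int fd = -1;` at the declaration and `gpgme_data_release (data); if (fd != -1) close (fd);` before the `return FALSE;`. For the success path the two handles need to be stored in the operation object and released in the done callback. Separately, in gpa_file_import_operation_done_error_cb the literal `"The file \"%s\" contained no OpenPGP" "data."` concatenates to "OpenPGPdata."; a space is missing.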
@@ -0,0 +1,77 @@ +/* gpafileimportop.h - The GpaFileImportOperation object. + * Copyright (C) 2003 Miguel Coca. + * Copyright (C) 2014 g10 Code GmbH. + * + * This file is part of GPA + * + * GPA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GPA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#ifndef GPA_FILE_IMPORT_OP_H +#define GPA_FILE_IMPORT_OP_H + +#include +#include +#include "gpgmetools.h" +#include "gpafileop.h" + + +/* GObject stuff */ +#define GPA_FILE_IMPORT_OPERATION_TYPE (gpa_file_import_operation_get_type ()) + +#define GPA_FILE_IMPORT_OPERATION(obj) \ + (G_TYPE_CHECK_INSTANCE_CAST ((obj), GPA_FILE_IMPORT_OPERATION_TYPE, \ + GpaFileImportOperation)) + +#define GPA_FILE_IMPORT_OPERATION_CLASS(klass) \ + (G_TYPE_CHECK_CLASS_CAST ((klass), GPA_FILE_IMPORT_OPERATION_TYPE, \ + GpaFileImportOperationClass)) + +#define GPA_IS_FILE_IMPORT_OPERATION(obj) \ + (G_TYPE_CHECK_INSTANCE_TYPE ((obj), GPA_FILE_IMPORT_OPERATION_TYPE)) + +#define GPA_IS_FILE_IMPORT_OPERATION_CLASS(klass) \ + (G_TYPE_CHECK_CLASS_TYPE ((klass), GPA_FILE_IMPORT_OPERATION_TYPE)) + +#define GPA_FILE_IMPORT_OPERATION_GET_CLASS(obj) \ + (G_TYPE_INSTANCE_GET_CLASS ((obj), GPA_FILE_IMPORT_OPERATION_TYPE, \ + GpaFileImportOperationClass)) + +typedef struct _GpaFileImportOperation GpaFileImportOperation; +typedef struct _GpaFileImportOperationClass GpaFileImportOperationClass; + +struct 
_GpaFileImportOperation +{ + GpaFileOperation parent; + + struct gpa_import_result_s counters; +}; + + +struct _GpaFileImportOperationClass +{ + GpaFileOperationClass parent_class; +}; + + +GType gpa_file_import_operation_get_type (void) G_GNUC_CONST; + +/* API */ + +/* Creates a new import operation. */ +GpaFileImportOperation * +gpa_file_import_operation_new (GtkWidget *window, GList *files); + +#endif diff --git a/src/gpaimportop.c b/src/gpaimportop.c index 6169952..15b38cd 100644 --- a/src/gpaimportop.c +++ b/src/gpaimportop.c @@ -26,6 +26,7 @@ #include "gtktools.h" #include "gpaimportop.h" #include "filetype.h" +#include "gpgmetools.h" static GObjectClass *parent_class = NULL; @@ -208,36 +209,16 @@ gpa_import_operation_idle_cb (gpointer data) static void -key_import_results_dialog_run (GtkWidget *parent, - gpgme_import_result_t info) -{ - GtkWidget *dialog; - - if (info->considered == 0) - gpa_show_warning (parent, _("No keys were found.")); - else - gpa_show_info (parent, - _("%i public keys read\n" - "%i public keys imported\n" - "%i public keys unchanged\n" - "%i secret keys read\n" - "%i secret keys imported\n" - "%i secret keys unchanged"), - info->considered, info->imported, - info->unchanged, info->secret_read, - info->secret_imported, - info->secret_unchanged); -} - - -static void gpa_import_operation_done_cb (GpaContext *context, gpg_error_t err, GpaImportOperation *op) { if (! err) { + struct gpa_import_result_s result; gpgme_import_result_t res; + memset (&result, 0, sizeof result); + GPA_IMPORT_OPERATION_GET_CLASS (op)->complete_import (op); res = gpgme_op_import_result (GPA_OPERATION (op)->context->ctx); 
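Review bot: The licence header of gpafileimportop.h says "either version 2 of the License, or (at your option) any later version" and still carries the FSF postal address, while gpafileimportop.c, added in the same commit, says version 3 and uses the newer notice wording. This looks like a header copied from an older file. If the project's terms are GPLv3-or-later, the header should carry the same notice as the .c file, so that the two new files do not state different terms.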
@@ -249,7 +230,9 @@ gpa_import_operation_done_cb (GpaContext *context, gpg_error_t err, { g_signal_emit_by_name (GPA_OPERATION (op), "imported_keys"); } - key_import_results_dialog_run (GPA_OPERATION (op)->window, res); + + gpa_gpgme_update_import_results (&result, 0, 0, res); + gpa_gpgme_show_import_results (GPA_OPERATION (op)->window, &result); } g_signal_emit_by_name (GPA_OPERATION (op), "completed", err); } diff --git a/src/gpgmetools.c b/src/gpgmetools.c index 3b2eba9..e2e6ec1 100644 --- a/src/gpgmetools.c +++ b/src/gpgmetools.c 
@@ -1219,6 +1219,73 @@ gpa_get_key_capabilities_text (gpgme_key_t key) } +/* Update the result structure RESULT using the gpgme result INFO and + the FILES and BAD_FILES counter. */ +void +gpa_gpgme_update_import_results (gpa_import_result_t result, + unsigned int files, unsigned int bad_files, + gpgme_import_result_t info) +{ + result->files += files; + result->bad_files += bad_files; + if (info) + { + result->considered += info->considered; + result->imported += info->imported; + result->unchanged += info->unchanged; + result->secret_read += info->secret_read; + result->secret_imported += info->secret_imported; + result->secret_unchanged += info->secret_unchanged; + } +} + + +void +gpa_gpgme_show_import_results (GtkWidget *parent, gpa_import_result_t result) +{ + char *buf1, *buf2; + + if (result->files) + buf2 = g_strdup_printf (_("%u file(s) read\n" + "%u file(s) with errors"), + result->files, + result->bad_files); + else + buf2 = NULL; + + + if (!result->considered) + gpa_show_warning (parent, "%s%s%s", + _("No keys were found."), + buf2? "\n":"", + buf2? buf2:""); + else + { + buf1 = g_strdup_printf (_("%i public keys read\n" + "%i public keys imported\n" + "%i public keys unchanged\n" + "%i secret keys read\n" + "%i secret keys imported\n" + "%i secret keys unchanged"), + result->considered, + result->imported, + result->unchanged, + result->secret_read, + result->secret_imported, + result->secret_unchanged); + + gpa_show_info (parent, + "%s%s%s", + buf1, + buf2? "\n":"", + buf2? buf2:""); + g_free (buf1); + } + + g_free (buf2); +} + + /* Return a copy of the key array. */ gpgme_key_t * gpa_gpgme_copy_keyarray (gpgme_key_t *keys) @@ -1244,7 +1311,7 @@ gpa_gpgme_copy_keyarray (gpgme_key_t *keys) } -/* Release all keys in the array KEYS as weel as ARRY itself. */ +/* Release all keys in the array KEYS as well as ARRAY itself. */ void gpa_gpgme_release_keyarray (gpgme_key_t *keys) { diff --git a/src/gpgmetools.h b/src/gpgmetools.h index c6d4885..1320f88 100644 
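Review bot: gpa_gpgme_show_import_results is added without a header comment, although gpa_gpgme_update_import_results directly above it has one, and its behaviour is not obvious from the name. It calls gpa_show_warning with "No keys were found." when `considered` is zero and gpa_show_info with the six key counters otherwise, and appends the file summary only when `files` is non-zero. I would add `/* Show the counters in RESULT in a dialog below PARENT; the per-file summary is appended only if RESULT->files is non-zero. */` above the function.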
--- a/src/gpgmetools.h +++ b/src/gpgmetools.h @@ -68,6 +68,25 @@ typedef struct } gpa_keygen_para_t; +/* An object to collect information about key imports. */ +struct gpa_import_result_s +{ + unsigned int files; /* # of files imported. */ + unsigned int bad_files; /* # of files with errors. */ + + /* To avoid breaking translated strings the variables below are int + and not unsigned int as they should be for counters. */ + int considered; + int imported; + int unchanged; + int secret_read; + int secret_imported; + int secret_unchanged; +}; +typedef struct gpa_import_result_s *gpa_import_result_t; + + + /* Report an unexpected error in GPGME and quit the application. Better to use the macro instead of the function. */ #define gpa_gpgme_error(err) \ @@ -142,6 +161,16 @@ const gchar *gpa_key_ownertrust_string (gpgme_key_t key); /* Key validity strings. */ const gchar *gpa_key_validity_string (gpgme_key_t key); +/* Function to manage import results. */ +void gpa_gpgme_update_import_results (gpa_import_result_t result, + unsigned int files, + unsigned int bad_files, + gpgme_import_result_t info); +void gpa_gpgme_show_import_results (GtkWidget *parent, + gpa_import_result_t result); + + + /* This is the function called by GPGME when it wants a passphrase. */ gpg_error_t gpa_passphrase_cb (void *hook, const char *uid_hint, diff --git a/src/server.c b/src/server.c index c7c7740..0c7209a 100644 --- a/src/server.c +++ b/src/server.c @@ -45,6 +45,7 @@ #include "gpafilesignop.h" #include "gpafiledecryptop.h" #include "gpafileverifyop.h" +#include "gpafileimportop.h" #define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t)) @@ -107,7 +108,6 @@ struct conn_ctrl_s /* The list of all files to be processed. */ GList *files; - gboolean files_finished; }; @@ -349,7 +349,6 @@ release_files (conn_ctrl_t ctrl) g_list_foreach (ctrl->files, (GFunc) free_file_item, NULL); g_list_free (ctrl->files); ctrl->files = NULL; - ctrl->files_finished = FALSE; } 
@@ -1261,22 +1260,24 @@ cmd_getinfo (assuan_context_t ctx, char *line) } -/* FILE [--continued] - - Set the files on which to operate. - */ +static const char hlp_file[] = + "FILE [--clear] \n" + "\n" + "Add FILE to the list of files on which to operate.\n" + "With --clear given, that list is first cleared."; static gpg_error_t cmd_file (assuan_context_t ctx, char *line) { gpg_error_t err = 0; conn_ctrl_t ctrl = assuan_get_pointer (ctx); - gboolean continued; + gboolean clear; gpa_file_item_t file_item; char *tail; - continued = has_option (line, "--continued"); + clear = has_option (line, "--clear"); + line = skip_options (line); - if (ctrl->files_finished) + if (clear) release_files (ctrl); tail = line; @@ -1289,13 +1290,12 @@ cmd_file (assuan_context_t ctx, char *line) file_item->filename_in = g_strdup (line); ctrl->files = g_list_append (ctrl->files, file_item); - if (! continued) - ctrl->files_finished = TRUE; - return assuan_process_done (ctx, err); } +/* Encrypt or sign files. If neither ENCR nor SIGN is set, import + files. */ static gpg_error_t impl_encrypt_sign_files (assuan_context_t ctx, int encr, int sign) { @@ -1308,11 +1308,6 @@ impl_encrypt_sign_files (assuan_context_t ctx, int encr, int sign) err = set_error (GPG_ERR_ASS_SYNTAX, "no files specified"); return assuan_process_done (ctx, err); } - else if (! ctrl->files_finished) - { - err = set_error (GPG_ERR_ASS_SYNTAX, "more files expected"); - return assuan_process_done (ctx, err); - } /* FIXME: Needs a root window. Need to set "sign" default. */ if (encr && sign) 
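Review bot: With `files_finished` removed, cmd_file drops the pending list only when the client sends `--clear` (`if (clear) release_files (ctrl);`); before, a FILE without `--continued` started a new list. The list is otherwise reset only where an operation takes ownership (`ctrl->files = NULL`). If a *_FILES command returns an error before that point, the earlier entries stay queued, and the next operation, which after this commit can be a key import, would act on them as well. The error returns are outside these hunks, so this is inferred rather than shown. I would call `release_files (ctrl);` on those error paths, or at least state the contract in `hlp_file`, for example `"Clients should pass --clear with the first FILE of each operation."`.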
@@ -1321,13 +1316,15 @@ impl_encrypt_sign_files (assuan_context_t ctx, int encr, int sign) else if (encr) op = (GpaFileOperation *) gpa_file_encrypt_operation_new (NULL, ctrl->files, FALSE); - else + else if (sign) op = (GpaFileOperation *) gpa_file_sign_operation_new (NULL, ctrl->files, FALSE); + else + op = (GpaFileOperation *) + gpa_file_import_operation_new (NULL, ctrl->files); /* Ownership of CTRL->files was passed to callee. */ ctrl->files = NULL; - ctrl->files_finished = FALSE; g_signal_connect (G_OBJECT (op), "completed", G_CALLBACK (g_object_unref), NULL); @@ -1416,11 +1413,6 @@ impl_decrypt_verify_files (assuan_context_t ctx, int decrypt, int verify) err = set_error (GPG_ERR_ASS_SYNTAX, "no files specified"); return assuan_process_done (ctx, err); } - else if (! ctrl->files_finished) - { - err = set_error (GPG_ERR_ASS_SYNTAX, "more files expected"); - return assuan_process_done (ctx, err); - } /* FIXME: Needs a root window. Need to enable "verify". */ if (decrypt && verify) @@ -1435,7 +1427,6 @@ impl_decrypt_verify_files (assuan_context_t ctx, int decrypt, int verify) /* Ownership of CTRL->files was passed to callee. */ ctrl->files = NULL; - ctrl->files_finished = FALSE; g_signal_connect (G_OBJECT (op), "completed", G_CALLBACK (g_object_unref), NULL); @@ -1531,10 +1522,10 @@ cmd_import_files (assuan_context_t ctx, char *line) return assuan_process_done (ctx, err); } - err = set_error (GPG_ERR_NOT_IMPLEMENTED, "not implemented"); - return assuan_process_done (ctx, err); + return impl_encrypt_sign_files (ctx, 0, 0); } + /* CHECKSUM_CREATE_FILES --nohup */ static gpg_error_t 
@@ -1670,7 +1661,7 @@ register_commands (assuan_context_t ctx) #endif /*ENABLE_CARD_MANAGER*/ { "START_CONFDIALOG", cmd_start_confdialog, hlp_start_confdialog }, { "GETINFO", cmd_getinfo, hlp_getinfo }, - { "FILE", cmd_file }, + { "FILE", cmd_file, hlp_file }, { "ENCRYPT_FILES", cmd_encrypt_files }, { "SIGN_FILES", cmd_sign_files }, { "ENCRYPT_SIGN_FILES", cmd_encrypt_sign_files }, ----------------------------------------------------------------------- Summary of changes: po/de.po | 105 ++++++++++------- src/Makefile.am | 1 + src/gpafileimportop.c | 311 +++++++++++++++++++++++++++++++++++++++++++++++++ src/gpafileimportop.h | 77 ++++++++++++ src/gpaimportop.c | 31 ++--- src/gpgmetools.c | 69 ++++++++++- src/gpgmetools.h | 29 +++++ src/server.c | 47 +++----- 8 files changed, 574 insertions(+), 96 deletions(-) create mode 100644 src/gpafileimportop.c create mode 100644 src/gpafileimportop.h hooks/post-receive -- The GNU Privacy Assistant http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 20 21:12:15 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 20 Nov 2014 21:12:15 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-31-g8f8e943 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8f8e94322d5cc65add4dbd4c3b9b2c09a0b855ee (commit) from f80c2dd78d522f12b2c7afbd5c0763a97d87d2bd (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8f8e94322d5cc65add4dbd4c3b9b2c09a0b855ee Author: Werner Koch Date: Wed Nov 19 10:34:32 2014 +0100 speedo: Add libadns to the Windows installer. -- 
diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi index aeab7a0..101e6d1 100644 --- a/build-aux/speedo/w32/inst.nsi +++ b/build-aux/speedo/w32/inst.nsi @@ -612,6 +612,15 @@ Section "-zlib" SEC_zlib File bin/zlib1.dll SectionEnd +Section "-adns" SEC_adns + SetOutPath "$INSTDIR\bin" + File bin/libadns-1.dll + SetOutPath "$INSTDIR\lib" + File /oname=libadns.imp lib/libadns.dll.a + SetOutPath "$INSTDIR\include" + File include/adns.h +SectionEnd + Section "-npth" SEC_npth SetOutPath "$INSTDIR\bin" File bin/libnpth-0.dll @@ -1037,6 +1046,12 @@ Section "-un.npth" Delete "$INSTDIR\include\npth.h" SectionEnd +Section "-un.adns" + Delete "$INSTDIR\bin\libadns-1.dll" + Delete "$INSTDIR\lib\libadns.imp" + Delete "$INSTDIR\include\adns.h" +SectionEnd + Section "-un.zlib" Delete "$INSTDIR\bin\zlib1.dll" SectionEnd ----------------------------------------------------------------------- Summary of changes: build-aux/speedo/w32/inst.nsi | 15 +++++++++++++++ 1 file changed, 15 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 21 11:39:26 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 21 Nov 2014 11:39:26 +0100 Subject: [git] GPA - branch, master, updated. gpa-0.9.4-56-ga46182f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Assistant". The branch, master has been updated via a46182fed6094502341d0192208e5567b6a2b155 (commit) via 886e24fe1a6a93b323bc850c01dd0551769cd3f7 (commit) via 89cd7eb5f68e91433ba6f0e118afc48f2e8841db (commit) via e8c85c1cbf82b7501e5d3ad64bdde79b72707a4a (commit) via 719bbe7ae59e0dfd7bd3951a01d5d31e80771800 (commit) via 7fdf8d8f097ddd27267d8e6186a561748a60add2 (commit) via 1a51becdf8f741be7083306f9000f97e283376fd (commit) from 1ffb7d173b4268b61e2f955b3335ed37901e010c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a46182fed6094502341d0192208e5567b6a2b155 Author: Werner Koch Date: Wed Nov 19 10:34:32 2014 +0100 Post release updates. -- diff --git a/NEWS b/NEWS index b9129ac..a66d0cc 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 0.9.7 (unreleased) +------------------------------------------------ + + Noteworthy changes in version 0.9.6 (2014-11-21) ------------------------------------------------ diff --git a/configure.ac b/configure.ac index 97beedd..4c35e71 100644 --- a/configure.ac +++ b/configure.ac 
@@ -28,7 +28,7 @@ min_automake_version="1.10" # (git tag -s gpa-1.n.m) and run "./autogen.sh --force". Please # bump the version number immediately *after* the release and do # another commit and push so that the git magic is able to work. -m4_define([mym4_version], [0.9.6]) +m4_define([mym4_version], [0.9.7]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a commit 886e24fe1a6a93b323bc850c01dd0551769cd3f7 Author: Werner Koch Date: Wed Nov 19 10:34:32 2014 +0100 Release 0.9.6. diff --git a/NEWS b/NEWS index 799f78b..b9129ac 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,12 @@ -Noteworthy changes in version 0.9.6 (unreleased) +Noteworthy changes in version 0.9.6 (2014-11-21) ------------------------------------------------ + * Support keyserver operations for GnuPG 2.1. + + * Implement the IMPORT_FILES server command. + + * New "Refresh Key" action in the key manager's context menu. + Noteworthy changes in version 0.9.5 (2014-09-01) ------------------------------------------------ commit 89cd7eb5f68e91433ba6f0e118afc48f2e8841db Author: Werner Koch Date: Wed Nov 19 10:34:32 2014 +0100 Do not create gzipped tarball. * Makefile.am (AUTOMAKE_OPTIONS): Remove. * configure.ac (AM_INIT_AUTOMAKE): Add options here. diff --git a/Makefile.am b/Makefile.am index e24d01b..5aa9ade 100644 --- a/Makefile.am +++ b/Makefile.am @@ -19,7 +19,6 @@ # along with this program; if not, see . ACLOCAL_AMFLAGS = -I m4 -AUTOMAKE_OPTIONS = dist-bzip2 SUBDIRS = m4 src po pixmaps doc diff --git a/configure.ac b/configure.ac index eac3a07..97beedd 100644 --- a/configure.ac +++ b/configure.ac 
@@ -55,7 +55,7 @@ NEED_GPGME_VERSION=1.5.0 AC_CONFIG_AUX_DIR([build-aux]) AM_CONFIG_HEADER(config.h) AC_CONFIG_SRCDIR(src/gpa.c) -AM_INIT_AUTOMAKE($PACKAGE_NAME, $PACKAGE_VERSION) +AM_INIT_AUTOMAKE([dist-bzip2 no-dist-gzip]) PACKAGE=$PACKAGE_NAME VERSION=$PACKAGE_VERSION commit e8c85c1cbf82b7501e5d3ad64bdde79b72707a4a Author: Werner Koch Date: Wed Nov 19 10:34:32 2014 +0100 po: Auto-update -- diff --git a/po/ar.po b/po/ar.po index e778a2c..f6f85c4 100644 --- a/po/ar.po +++ b/po/ar.po @@ -483,24 +483,14 @@ msgstr "???????? ?????????? ??????????????..." msgid "Import keys from file" msgstr "???????????? ???????????????? ?????????????? ???? ????????" -msgid "No keys were found." -msgstr "???? ???????? ????????????." - #, c-format msgid "" -"%i public keys read\n" -"%i public keys imported\n" -"%i public keys unchanged\n" -"%i secret keys read\n" -"%i secret keys imported\n" -"%i secret keys unchanged" +"More than %d keys match your search pattern.\n" +"Use the long keyid or a fingerprint for a better match" msgstr "" -"?????????? %i ???????????? ??????????\n" -"?????????????????? %i ???????????? ??????????\n" -"???? ?????????? %i ???????????? ??????????\n" -"?????????? %i ???????????? ??????????\n" -"?????????????????? %i ???????????? ??????????\n" -"???? ?????????? %i ???????????? ??????????" + +msgid "No keys were found." +msgstr "???? ???????? ????????????." msgid "" "Invalid time given.\n" @@ -527,6 +517,10 @@ msgstr "?????? ?????????????? ???????? ?????????????? ??????????????!" msgid "You haven't selected a default key to sign with!" msgstr "???? ???????? ?????????? ?????????????? ????????????." +#, fuzzy +msgid "Which key do you want to import?" +msgstr "???? ???????????????? ???????? ?????????????????? (?????? ???????????? ?????????????? ??????????????)." + msgid "Which key do you want to import? (The key must be specified by key ID)." msgstr "???? ???????????????? ???????? ?????????????????? (?????? ???????????? ?????????????? ??????????????)." 
@@ -876,6 +870,28 @@ msgstr "???????? ?????????????? ?????????????? ???? ?????????????? ??????." msgid "This key is useless." msgstr "???? ?????????? ???????? ??????????????." +#, c-format +msgid "" +"%u file(s) read\n" +"%u file(s) with errors" +msgstr "" + +#, c-format +msgid "" +"%i public keys read\n" +"%i public keys imported\n" +"%i public keys unchanged\n" +"%i secret keys read\n" +"%i secret keys imported\n" +"%i secret keys unchanged" +msgstr "" +"?????????? %i ???????????? ??????????\n" +"?????????????????? %i ???????????? ??????????\n" +"???? ?????????? %i ???????????? ??????????\n" +"?????????? %i ???????????? ??????????\n" +"?????????????????? %i ???????????? ??????????\n" +"???? ?????????? %i ???????????? ??????????" + msgid "A required engine component is not installed." msgstr "" @@ -902,14 +918,6 @@ msgid "Invalid character in comments." msgstr "" #, fuzzy -msgid "Error" -msgstr "?????? ???? GPA" - -#, fuzzy -msgid "Message" -msgstr "?????????? GPA" - -#, fuzzy msgid "GPA is the GNU Privacy Assistant." msgstr "?????? ?????????? ???????????? ??????" @@ -1289,6 +1297,14 @@ msgid "Retrieve keys from server" msgstr "" #, fuzzy +msgid "Re_fresh Keys" +msgstr "???????? ???????? ????????????????" + +#, fuzzy +msgid "Refresh keys from server" +msgstr "/????_?????? ???????????????? ??????????????..." + +#, fuzzy msgid "_Send Keys..." msgstr "/??_?????? ????????????????..." @@ -2233,6 +2249,14 @@ msgid "" "on this card." msgstr "" +#, fuzzy +#~ msgid "Error" +#~ msgstr "?????? ???? GPA" + +#, fuzzy +#~ msgid "Message" +#~ msgstr "?????????? GPA" + #~ msgid "GNU Privacy Assistant - Clipboard" #~ msgstr "?????????? ???????????? ?????? - ??????????????" @@ -2600,6 +2624,3 @@ msgstr "" #~ msgid "detailed" #~ msgstr "????????????????" - -#~ msgid "refresh keyring" -#~ msgstr "???????? ???????? ????????????????" diff --git a/po/cs.po b/po/cs.po index 9fa3f8b..fd6cade 100644 --- a/po/cs.po +++ b/po/cs.po 
@@ -460,24 +460,14 @@ msgstr "Vytv?????? se kl???? ..." msgid "Import keys from file" msgstr "Importovat kl????e ze souboru" -msgid "No keys were found." -msgstr "Nebyly nalezeny ????dn?? kl????e." - #, c-format msgid "" -"%i public keys read\n" -"%i public keys imported\n" -"%i public keys unchanged\n" -"%i secret keys read\n" -"%i secret keys imported\n" -"%i secret keys unchanged" +"More than %d keys match your search pattern.\n" +"Use the long keyid or a fingerprint for a better match" msgstr "" -"%i p??e??teno ve??ejn??ch kl??????\n" -"%i z??sk??no ve??ejn??ch kl??????\n" -"%i nezm??n??n??ch ve??ejn??ch kl??????\n" -"%i p??e??teno soukrom??ch kl??????\n" -"%i z??sk??no soukrom??ch kl??????\n" -"%i nezm??n??n??ch soukrom??ch kl??????" + +msgid "No keys were found." +msgstr "Nebyly nalezeny ????dn?? kl????e." msgid "" "Invalid time given.\n" @@ -502,6 +492,10 @@ msgstr "Tento kl???? u?? jste s??m podepsal!" msgid "You haven't selected a default key to sign with!" msgstr "Nebyl vybr??n v??choz?? kl???? pro podepisov??n??!" +#, fuzzy +msgid "Which key do you want to import?" +msgstr "Kter?? kl???? chcete z??skat? (Mus??te zadat ID kl????e)." + msgid "Which key do you want to import? (The key must be specified by key ID)." msgstr "Kter?? kl???? chcete z??skat? (Mus??te zadat ID kl????e)." 
@@ -851,6 +845,28 @@ msgstr "Tento kl???? sm?? b??t pou??it pouze pro ??ifrov??n??." msgid "This key is useless." msgstr "Tento kl???? je nepou??iteln??." +#, c-format +msgid "" +"%u file(s) read\n" +"%u file(s) with errors" +msgstr "" + +#, c-format +msgid "" +"%i public keys read\n" +"%i public keys imported\n" +"%i public keys unchanged\n" +"%i secret keys read\n" +"%i secret keys imported\n" +"%i secret keys unchanged" +msgstr "" +"%i p??e??teno ve??ejn??ch kl??????\n" +"%i z??sk??no ve??ejn??ch kl??????\n" +"%i nezm??n??n??ch ve??ejn??ch kl??????\n" +"%i p??e??teno soukrom??ch kl??????\n" +"%i z??sk??no soukrom??ch kl??????\n" +"%i nezm??n??n??ch soukrom??ch kl??????" + msgid "A required engine component is not installed." msgstr "Po??adovan?? komponenta stroje nen?? instalovan??." @@ -875,12 +891,6 @@ msgstr "E-mailov?? adresa nen?? platn??." msgid "Invalid character in comments." msgstr "Neplatn?? znak v koment??????ch." -msgid "Error" -msgstr "Fehler" - -msgid "Message" -msgstr "Zpr??va" - msgid "GPA is the GNU Privacy Assistant." msgstr "GPA je GNU Privacy Assistant" @@ -1238,6 +1248,14 @@ msgstr "_Z??skat kl????e..." msgid "Retrieve keys from server" msgstr "Z??skat kl????e ze serveru" +#, fuzzy +msgid "Re_fresh Keys" +msgstr "Aktualizovat keyring" + +#, fuzzy +msgid "Refresh keys from server" +msgstr "Z??skat kl????e ze serveru" + msgid "_Send Keys..." msgstr "Ode_slat kl????e..." @@ -2312,6 +2330,12 @@ msgstr "" "Pro kartu %s nen?? mnoho informac?? ke zobrazen??. Zkuste pou????t tla????tko pro " "volbu aplikace pro p??epnut?? na jinou aplikaci, kter?? je na kart?? k dispozici." +#~ msgid "Error" +#~ msgstr "Fehler" + +#~ msgid "Message" +#~ msgstr "Zpr??va" + #~ msgid "[S]" #~ msgstr "[S]" diff --git a/po/de.po b/po/de.po index fdb8ffe..dc3d699 100644 --- a/po/de.po +++ b/po/de.po 
@@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: gpa\n" "Report-Msgid-Bugs-To: gpa-dev at gnupg.org\n" -"PO-Revision-Date: 2014-11-20 15:46+0100\n" +"PO-Revision-Date: 2014-11-21 09:40+0100\n" "Last-Translator: Werner Koch \n" "Language-Team: German \n" "Language: de\n" @@ -468,7 +468,8 @@ msgid "" "Use the long keyid or a fingerprint for a better match" msgstr "" "Mehr als %d Schl??ssel entsprechen Ihren Suchkriterien.\n" -"Benutzen Sie die lange Schl??sselkennung oder den Fingerprint f??r eine verfeinerte Suche." +"Benutzen Sie die lange Schl??sselkennung oder den Fingerprint f??r eine " +"verfeinerte Suche." msgid "No keys were found." msgstr "Es wurde kein Schl??ssel gefunden." @@ -1265,6 +1266,12 @@ msgstr "_Schl??ssel erhalten..." msgid "Retrieve keys from server" msgstr "Schl??ssel _zum Key-Server senden" +msgid "Re_fresh Keys" +msgstr "Schl??ssel auf_frischen" + +msgid "Refresh keys from server" +msgstr "Schl??ssel vom Key-Server auffrischen" + msgid "_Send Keys..." msgstr "Schl??ssel _Senden..." @@ -2677,9 +2684,6 @@ msgstr "" #~ msgid "detailed" #~ msgstr "detailliert" -#~ msgid "refresh keyring" -#~ msgstr "Schl??sselbund auffrischen" - #~ msgid "Key Validity" #~ msgstr "G??ltigkeit des Schl??ssels" diff --git a/po/es.po b/po/es.po index 5b664c6..1dacda5 100644 --- a/po/es.po +++ b/po/es.po 
@@ -488,24 +488,14 @@ msgstr "Generando Clave..." msgid "Import keys from file" msgstr "Importar claves p??blicas de fichero" -msgid "No keys were found." -msgstr "No se encontr?? ninguna clave." - #, c-format msgid "" -"%i public keys read\n" -"%i public keys imported\n" -"%i public keys unchanged\n" -"%i secret keys read\n" -"%i secret keys imported\n" -"%i secret keys unchanged" +"More than %d keys match your search pattern.\n" +"Use the long keyid or a fingerprint for a better match" msgstr "" -"%i claves p??blicas le??das\n" -"%i claves p??blicas importadas\n" -"%i claces p??blicas sin cambios\n" -"%i claves secretas le??das\n" -"%i claves secretas importadas\n" -"%i claves secretas sin cambios" + +msgid "No keys were found." +msgstr "No se encontr?? ninguna clave." msgid "" "Invalid time given.\n" @@ -532,6 +522,11 @@ msgstr "??Esta clave ya ha sido firmada con la suya!" msgid "You haven't selected a default key to sign with!" msgstr "??No ha seleccionado una clave por defecto con la que firmar!" +#, fuzzy +msgid "Which key do you want to import?" +msgstr "" +"??Qu?? clave desea importar? (La clave debe especificarse por su ID de clave)." + msgid "Which key do you want to import? (The key must be specified by key ID)." msgstr "" "??Qu?? clave desea importar? (La clave debe especificarse por su ID de clave)." 
@@ -886,6 +881,28 @@ msgstr "Esta clave puede utilizarse tan s??lo para cifrado." msgid "This key is useless." msgstr "Esta clave no vale para nada." +#, c-format +msgid "" +"%u file(s) read\n" +"%u file(s) with errors" +msgstr "" + +#, c-format +msgid "" +"%i public keys read\n" +"%i public keys imported\n" +"%i public keys unchanged\n" +"%i secret keys read\n" +"%i secret keys imported\n" +"%i secret keys unchanged" +msgstr "" +"%i claves p??blicas le??das\n" +"%i claves p??blicas importadas\n" +"%i claces p??blicas sin cambios\n" +"%i claves secretas le??das\n" +"%i claves secretas importadas\n" +"%i claves secretas sin cambios" + msgid "A required engine component is not installed." msgstr "" @@ -912,14 +929,6 @@ msgid "Invalid character in comments." msgstr "" #, fuzzy -msgid "Error" -msgstr "Error de GPA" - -#, fuzzy -msgid "Message" -msgstr "Mensaje de GPA" - -#, fuzzy msgid "GPA is the GNU Privacy Assistant." msgstr "Comprendiendo el GNU Privacy Assistant" @@ -1316,6 +1325,14 @@ msgid "Retrieve keys from server" msgstr "" #, fuzzy +msgid "Re_fresh Keys" +msgstr "actualizar el anillo de llaves" + +#, fuzzy +msgid "Refresh keys from server" +msgstr "E_nviar claves al servidor" + +#, fuzzy msgid "_Send Keys..." msgstr "/_Firmar Claves..." @@ -2269,6 +2286,14 @@ msgid "" "on this card." msgstr "" +#, fuzzy +#~ msgid "Error" +#~ msgstr "Error de GPA" + +#, fuzzy +#~ msgid "Message" +#~ msgstr "Mensaje de GPA" + #~ msgid "GNU Privacy Assistant - Clipboard" #~ msgstr "GNU Privacy Assistant - Portapapeles" @@ -2636,6 +2661,3 @@ msgstr "" #~ msgid "detailed" #~ msgstr "detallada" - -#~ msgid "refresh keyring" -#~ msgstr "actualizar el anillo de llaves" diff --git a/po/fr.po b/po/fr.po index 3f3113d..f32cdf8 100644 --- a/po/fr.po +++ b/po/fr.po 
@@ -473,24 +473,14 @@ msgstr "G??n??ration de clef???" msgid "Import keys from file" msgstr "Importer des clefs publiques d'un fichier" -msgid "No keys were found." -msgstr "Clefs introuvables." - #, c-format msgid "" -"%i public keys read\n" -"%i public keys imported\n" -"%i public keys unchanged\n" -"%i secret keys read\n" -"%i secret keys imported\n" -"%i secret keys unchanged" +"More than %d keys match your search pattern.\n" +"Use the long keyid or a fingerprint for a better match" msgstr "" -"%i clefs publiques lues\n" -"%i clefs publiques import??es\n" -"%i clefs publiques inchang??es\n" -"%i clefs secr??tes lues\n" -"%i clefs secr??tes import??es\n" -"%i clefs secr??tes inchang??es" + +msgid "No keys were found." +msgstr "Clefs introuvables." msgid "" "Invalid time given.\n" @@ -517,6 +507,12 @@ msgstr "Cette clef a d??j?? ??t?? sign??e par la v??tre !" msgid "You haven't selected a default key to sign with!" msgstr "Pas de clef par d??faut pour signer !" +#, fuzzy +msgid "Which key do you want to import?" +msgstr "" +"Quelle clef d??sirez-vous importer (La clef doit ??tre sp??cifi??e par son ID de " +"clef) ?" + msgid "Which key do you want to import? (The key must be specified by key ID)." msgstr "" "Quelle clef d??sirez-vous importer (La clef doit ??tre sp??cifi??e par son ID de " 
@@ -876,6 +872,28 @@ msgstr "La clef peut ??tre utilis??e pour fins de chiffrement seulement." msgid "This key is useless." msgstr "Cette clef est inutilisable." +#, c-format +msgid "" +"%u file(s) read\n" +"%u file(s) with errors" +msgstr "" + +#, c-format +msgid "" +"%i public keys read\n" +"%i public keys imported\n" +"%i public keys unchanged\n" +"%i secret keys read\n" +"%i secret keys imported\n" +"%i secret keys unchanged" +msgstr "" +"%i clefs publiques lues\n" +"%i clefs publiques import??es\n" +"%i clefs publiques inchang??es\n" +"%i clefs secr??tes lues\n" +"%i clefs secr??tes import??es\n" +"%i clefs secr??tes inchang??es" + msgid "A required engine component is not installed." msgstr "" @@ -901,14 +919,6 @@ msgstr "" msgid "Invalid character in comments." msgstr "" -#, fuzzy -msgid "Error" -msgstr "Erreur GPA" - -#, fuzzy -msgid "Message" -msgstr "Message de GPA" - msgid "GPA is the GNU Privacy Assistant." msgstr "GPA est l'assistant GNU Privacy." @@ -1281,6 +1291,14 @@ msgstr "_R??cup??ration de clefs???" msgid "Retrieve keys from server" msgstr "R??cup??rer des clefs depuis un serveur" +#, fuzzy +msgid "Re_fresh Keys" +msgstr "Recharger le trousseau de clefs" + +#, fuzzy +msgid "Refresh keys from server" +msgstr "R??cup??rer des clefs depuis un serveur" + msgid "_Send Keys..." msgstr "_Envoyer des clefs???" @@ -2245,6 +2263,14 @@ msgid "" "on this card." msgstr "" +#, fuzzy +#~ msgid "Error" +#~ msgstr "Erreur GPA" + +#, fuzzy +#~ msgid "Message" +#~ msgstr "Message de GPA" + #~ msgid "GNU Privacy Assistant - Clipboard" #~ msgstr "Assistant GNU Privacy - Presse-papiers" diff --git a/po/ja.po b/po/ja.po index ae95e4f..c83a838 100644 --- a/po/ja.po +++ b/po/ja.po 
@@ -502,24 +502,14 @@ msgstr " msgid "Import keys from file" msgstr "??????????????????????????????????" -msgid "No keys were found." -msgstr "??????????????????????????" - #, c-format msgid "" -"%i public keys read\n" -"%i public keys imported\n" -"%i public keys unchanged\n" -"%i secret keys read\n" -"%i secret keys imported\n" -"%i secret keys unchanged" +"More than %d keys match your search pattern.\n" +"Use the long keyid or a fingerprint for a better match" msgstr "" -"%i ??????????????????????????\n" -"%i ??????????????????????????????\n" -"%i ??????????????????????\n" -"%i ??????????????????????????\n" -"%i ??????????????????????????????\n" -"%i ??????????????????????" + +msgid "No keys were found." +msgstr "??????????????????????????" msgid "" "Invalid time given.\n" @@ -544,6 +534,10 @@ msgstr " msgid "You haven't selected a default key to sign with!" msgstr "??????????????????????????????????????????" +#, fuzzy +msgid "Which key do you want to import?" +msgstr "??????????????????????????? (???? ID ????????????????????????)" + msgid "Which key do you want to import? (The key must be specified by key ID)." msgstr "??????????????????????????? (???? ID ????????????????????????)" @@ -896,6 +890,28 @@ msgstr " msgid "This key is useless." msgstr "????????????????????" +#, c-format +msgid "" +"%u file(s) read\n" +"%u file(s) with errors" +msgstr "" + +#, c-format +msgid "" +"%i public keys read\n" +"%i public keys imported\n" +"%i public keys unchanged\n" +"%i secret keys read\n" +"%i secret keys imported\n" +"%i secret keys unchanged" +msgstr "" +"%i ??????????????????????????\n" +"%i ??????????????????????????????\n" +"%i ??????????????????????\n" +"%i ??????????????????????????\n" +"%i ??????????????????????????????\n" +"%i ??????????????????????" + msgid "A required engine component is not installed." msgstr "" 
@@ -921,13 +937,6 @@ msgstr "" msgid "Invalid character in comments." msgstr "" -msgid "Error" -msgstr "??????" - -#, fuzzy -msgid "Message" -msgstr "GPA ??????????" - #, fuzzy msgid "GPA is the GNU Privacy Assistant." msgstr "GNU Privacy Assistant ????????????????" @@ -1305,6 +1314,14 @@ msgid "Retrieve keys from server" msgstr "??????????????????" #, fuzzy +msgid "Re_fresh Keys" +msgstr "????????" + +#, fuzzy +msgid "Refresh keys from server" +msgstr "??????????????????" + +#, fuzzy msgid "_Send Keys..." msgstr "/????????... (_S)" @@ -2267,6 +2284,13 @@ msgid "" "on this card." msgstr "" +#~ msgid "Error" +#~ msgstr "??????" + +#, fuzzy +#~ msgid "Message" +#~ msgstr "GPA ??????????" + #, fuzzy #~ msgid "GNU Privacy Assistant - Clipboard" #~ msgstr "GNU Privacy Assistant - ??????????????????" diff --git a/po/nl.po b/po/nl.po index 38f9190..641498d 100644 --- a/po/nl.po +++ b/po/nl.po @@ -499,24 +499,14 @@ msgstr "Genereren van de sleutel..." msgid "Import keys from file" msgstr "Importeer publieke sleutels vanuit een bestand" -msgid "No keys were found." -msgstr "Geen sleutels gevonden." - #, c-format msgid "" -"%i public keys read\n" -"%i public keys imported\n" -"%i public keys unchanged\n" -"%i secret keys read\n" -"%i secret keys imported\n" -"%i secret keys unchanged" +"More than %d keys match your search pattern.\n" +"Use the long keyid or a fingerprint for a better match" msgstr "" -"%i publieke sleutels gelezen\n" -"%i publieke sleutels ge?mporteerd\n" -"%i publieke sleutels onveranderd\n" -"%i geheime sleutels gelezen\n" -"%i geheime sleutels ge?mporteerd\n" -"%i geheime sleutels onveranderd" + +msgid "No keys were found." +msgstr "Geen sleutels gevonden." msgid "" "Invalid time given.\n" 
@@ -541,6 +531,12 @@ msgstr "Deze sleutel is al ondertekend met uw eigen sleutel!" msgid "You haven't selected a default key to sign with!" msgstr "U hebt geen sleutel geselecteerd voor ondertekening" +#, fuzzy +msgid "Which key do you want to import?" +msgstr "" +"Welke sleutel wilt u importeren? (De sleutel moet aangeduid zijn\n" +"met zijn sleutel id." + msgid "Which key do you want to import? (The key must be specified by key ID)." msgstr "" "Welke sleutel wilt u importeren? (De sleutel moet aangeduid zijn\n" @@ -898,6 +894,28 @@ msgstr "De sleutel kan alleen gebruikt worden voor versleuteling." msgid "This key is useless." msgstr "Deze sleutel is waardeloos." +#, c-format +msgid "" +"%u file(s) read\n" +"%u file(s) with errors" +msgstr "" + +#, c-format +msgid "" +"%i public keys read\n" +"%i public keys imported\n" +"%i public keys unchanged\n" +"%i secret keys read\n" +"%i secret keys imported\n" +"%i secret keys unchanged" +msgstr "" +"%i publieke sleutels gelezen\n" +"%i publieke sleutels ge?mporteerd\n" +"%i publieke sleutels onveranderd\n" +"%i geheime sleutels gelezen\n" +"%i geheime sleutels ge?mporteerd\n" +"%i geheime sleutels onveranderd" + msgid "A required engine component is not installed." msgstr "" @@ -923,13 +941,6 @@ msgstr "" msgid "Invalid character in comments." msgstr "" -msgid "Error" -msgstr "Fout" - -#, fuzzy -msgid "Message" -msgstr "GPA Bericht" - #, fuzzy msgid "GPA is the GNU Privacy Assistant." msgstr "De GNU Privacy Assistent verstaan" @@ -1312,6 +1323,14 @@ msgid "Retrieve keys from server" msgstr "Ontvang sleutel van server:" #, fuzzy +msgid "Re_fresh Keys" +msgstr "Verwijder sleutel" + +#, fuzzy +msgid "Refresh keys from server" +msgstr "Ontvang sleutel van server:" + +#, fuzzy msgid "_Send Keys..." msgstr "/_Onderteken Sleutels..." 
@@ -2272,6 +2291,13 @@ msgid "" "on this card." msgstr "" +#~ msgid "Error" +#~ msgstr "Fout" + +#, fuzzy +#~ msgid "Message" +#~ msgstr "GPA Bericht" + #, fuzzy #~ msgid "GNU Privacy Assistant - Clipboard" #~ msgstr "GNU Privacy Assistant - Bestands beheerder" diff --git a/po/pl.po b/po/pl.po index d527047..09a5859 100644 --- a/po/pl.po +++ b/po/pl.po @@ -500,24 +500,14 @@ msgstr "Generowanie klucza..." msgid "Import keys from file" msgstr "Import kluczy publicznych z pliku" -msgid "No keys were found." -msgstr "Nie odnaleziono ??adnych kluczy." - #, c-format msgid "" -"%i public keys read\n" -"%i public keys imported\n" -"%i public keys unchanged\n" -"%i secret keys read\n" -"%i secret keys imported\n" -"%i secret keys unchanged" +"More than %d keys match your search pattern.\n" +"Use the long keyid or a fingerprint for a better match" msgstr "" -"%i publicznych kluczy odczytano\n" -"%i publicznych kluczy zaimportowano\n" -"%i publicznych kluczy nie uleg??o zmianie\n" -"%i tajnych kluczy odczytano\n" -"%i tajnych kluczy zaimportowano\n" -"%i tajnych kluczy nie uleg??o zmianie" + +msgid "No keys were found." +msgstr "Nie odnaleziono ??adnych kluczy." msgid "" "Invalid time given.\n" @@ -542,6 +532,10 @@ msgstr "Ten klucz zosta?? ju?? podpisany przez ciebie!" msgid "You haven't selected a default key to sign with!" msgstr "Nie wybrano domy??lnego klucza, kt??ry ma pos??u??y?? do podpisania!" +#, fuzzy +msgid "Which key do you want to import?" +msgstr "Kt??ry klucz chcesz importowa??? (Nale??y poda?? identyfikator klucza)." + msgid "Which key do you want to import? (The key must be specified by key ID)." msgstr "Kt??ry klucz chcesz importowa??? (Nale??y poda?? identyfikator klucza)." 
@@ -899,6 +893,28 @@ msgstr "Ten klucz mo??e by?? u??yty tylko do szyfrowania." msgid "This key is useless." msgstr "Ten klucz jest bezu??yteczny." +#, c-format +msgid "" +"%u file(s) read\n" +"%u file(s) with errors" +msgstr "" + +#, c-format +msgid "" +"%i public keys read\n" +"%i public keys imported\n" +"%i public keys unchanged\n" +"%i secret keys read\n" +"%i secret keys imported\n" +"%i secret keys unchanged" +msgstr "" +"%i publicznych kluczy odczytano\n" +"%i publicznych kluczy zaimportowano\n" +"%i publicznych kluczy nie uleg??o zmianie\n" +"%i tajnych kluczy odczytano\n" +"%i tajnych kluczy zaimportowano\n" +"%i tajnych kluczy nie uleg??o zmianie" + msgid "A required engine component is not installed." msgstr "" @@ -924,14 +940,6 @@ msgid "Invalid character in comments." msgstr "" #, fuzzy -msgid "Error" -msgstr "B????d GPA" - -#, fuzzy -msgid "Message" -msgstr "Komunikat GPA" - -#, fuzzy msgid "GPA is the GNU Privacy Assistant." msgstr "GNU Privacy Assistant - Mened??er plik??w " @@ -1315,6 +1323,14 @@ msgid "Retrieve keys from server" msgstr "" #, fuzzy +msgid "Re_fresh Keys" +msgstr "od??wie??a zbi??r kluczy" + +#, fuzzy +msgid "Refresh keys from server" +msgstr "/W_y??lij klucze na serwer..." + +#, fuzzy msgid "_Send Keys..." msgstr "/_Podpisz klucze..." @@ -2269,6 +2285,14 @@ msgid "" msgstr "" #, fuzzy +#~ msgid "Error" +#~ msgstr "B????d GPA" + +#, fuzzy +#~ msgid "Message" +#~ msgstr "Komunikat GPA" + +#, fuzzy #~ msgid "GNU Privacy Assistant - Clipboard" #~ msgstr "GNU Privacy Assistant - Mened??er plik??w " @@ -2646,9 +2670,6 @@ msgstr "" #~ msgid "detailed" #~ msgstr "szczeg????owy" -#~ msgid "refresh keyring" -#~ msgstr "od??wie??a zbi??r kluczy" - #~ msgid "Sign files" #~ msgstr "Podpisz pliki" diff --git a/po/pt_BR.po b/po/pt_BR.po index 053955a..334fc1e 100644 --- a/po/pt_BR.po +++ b/po/pt_BR.po 
@@ -502,24 +502,14 @@ msgstr "/Chaves/_Gerar Chave..." msgid "Import keys from file" msgstr "Importar chave p?blica de um arquivo" -msgid "No keys were found." -msgstr "Nenhuma chave foi encontrada." - #, c-format msgid "" -"%i public keys read\n" -"%i public keys imported\n" -"%i public keys unchanged\n" -"%i secret keys read\n" -"%i secret keys imported\n" -"%i secret keys unchanged" +"More than %d keys match your search pattern.\n" +"Use the long keyid or a fingerprint for a better match" msgstr "" -"%i chave p?blica lida\n" -"%i chave p?blica importada\n" -"%i chave p?blica sem altera??es\n" -"%i chave secreta lida\n" -"%i chave secreta importada\n" -"%i chave secreta sem altera??es" + +msgid "No keys were found." +msgstr "Nenhuma chave foi encontrada." msgid "" "Invalid time given.\n" @@ -544,6 +534,9 @@ msgstr "Esta chave j msgid "You haven't selected a default key to sign with!" msgstr "Voc? n?o selecionou uma chave default para assinar!" +msgid "Which key do you want to import?" +msgstr "" + msgid "Which key do you want to import? (The key must be specified by key ID)." msgstr "" @@ -897,6 +890,28 @@ msgstr "E n msgid "This key is useless." msgstr "" +#, c-format +msgid "" +"%u file(s) read\n" +"%u file(s) with errors" +msgstr "" + +#, c-format +msgid "" +"%i public keys read\n" +"%i public keys imported\n" +"%i public keys unchanged\n" +"%i secret keys read\n" +"%i secret keys imported\n" +"%i secret keys unchanged" +msgstr "" +"%i chave p?blica lida\n" +"%i chave p?blica importada\n" +"%i chave p?blica sem altera??es\n" +"%i chave secreta lida\n" +"%i chave secreta importada\n" +"%i chave secreta sem altera??es" + msgid "A required engine component is not installed." msgstr "" @@ -922,13 +937,6 @@ msgstr "" msgid "Invalid character in comments." msgstr "" -msgid "Error" -msgstr "Erro" - -#, fuzzy -msgid "Message" -msgstr "Mensagem do GPA" - #, fuzzy msgid "GPA is the GNU Privacy Assistant." msgstr "Compreendendo o GNU Privacy Assistant" 
@@ -1312,6 +1320,14 @@ msgid "Retrieve keys from server" msgstr "Receber chave de _servidor:" #, fuzzy +msgid "Re_fresh Keys" +msgstr "_Chaveiro de chaves secretas" + +#, fuzzy +msgid "Refresh keys from server" +msgstr "Receber chave de _servidor:" + +#, fuzzy msgid "_Send Keys..." msgstr "/A_ssinar Chaves..." @@ -2280,6 +2296,13 @@ msgid "" "on this card." msgstr "" +#~ msgid "Error" +#~ msgstr "Erro" + +#, fuzzy +#~ msgid "Message" +#~ msgstr "Mensagem do GPA" + #, fuzzy #~ msgid "GNU Privacy Assistant - Clipboard" #~ msgstr "GNU Privacy Assistant - Gerenciador de arquivos" @@ -2678,10 +2701,6 @@ msgstr "" #~ msgid "detailed" #~ msgstr "detalhado" -#, fuzzy -#~ msgid "refresh keyring" -#~ msgstr "_Chaveiro de chaves secretas" - #~ msgid "Sign files" #~ msgstr "Arquivo assinado" diff --git a/po/ru.po b/po/ru.po index 836dbc2..d65db09 100644 --- a/po/ru.po +++ b/po/ru.po @@ -485,24 +485,14 @@ msgstr "???????????????? ??????????..." msgid "Import keys from file" msgstr "???????????? ?????????????????? ?????????? ???? ??????????" -msgid "No keys were found." -msgstr "?????????? ???? ????????????????????." - #, c-format msgid "" -"%i public keys read\n" -"%i public keys imported\n" -"%i public keys unchanged\n" -"%i secret keys read\n" -"%i secret keys imported\n" -"%i secret keys unchanged" +"More than %d keys match your search pattern.\n" +"Use the long keyid or a fingerprint for a better match" msgstr "" -"?????????????????? ???????????????? ????????????: %i\n" -"?????????????????????????? ???????????????? ????????????: %i\n" -"???? ???????????????? ???????????????? ????????????: %i\n" -"?????????????????? ???????????????? ????????????: %i\n" -"?????????????????????????? ???????????????? ????????????: %i\n" -"???? ???????????????? ???????????????? ????????????: %i" + +msgid "No keys were found." +msgstr "?????????? ???? ????????????????????." msgid "" "Invalid time given.\n" 
@@ -529,6 +519,10 @@ msgstr "???????? ???????? ?????? ???????????????? ?????????? ????????????!" msgid "You haven't selected a default key to sign with!" msgstr "???? ???????????? ???????? ???? ?????????????????? ?????? ??????????????!" +#, fuzzy +msgid "Which key do you want to import?" +msgstr "?????????? ???????? ?????????????????????????? (ID ??????????)?" + msgid "Which key do you want to import? (The key must be specified by key ID)." msgstr "?????????? ???????? ?????????????????????????? (ID ??????????)?" @@ -884,6 +878,28 @@ msgstr "???????? ?????????? ???????? ?????????????????????? ???????????? ?????? msgid "This key is useless." msgstr "???????????? ???????? ????????????????????/????????????????????." +#, c-format +msgid "" +"%u file(s) read\n" +"%u file(s) with errors" +msgstr "" + +#, c-format +msgid "" +"%i public keys read\n" +"%i public keys imported\n" +"%i public keys unchanged\n" +"%i secret keys read\n" +"%i secret keys imported\n" +"%i secret keys unchanged" +msgstr "" +"?????????????????? ???????????????? ????????????: %i\n" +"?????????????????????????? ???????????????? ????????????: %i\n" +"???? ???????????????? ???????????????? ????????????: %i\n" +"?????????????????? ???????????????? ????????????: %i\n" +"?????????????????????????? ???????????????? ????????????: %i\n" +"???? ???????????????? ???????????????? ????????????: %i" + msgid "A required engine component is not installed." msgstr "" @@ -910,14 +926,6 @@ msgid "Invalid character in comments." msgstr "" #, fuzzy -msgid "Error" -msgstr "???????????? GPA" - -#, fuzzy -msgid "Message" -msgstr "?????????????????? GPA" - -#, fuzzy msgid "GPA is the GNU Privacy Assistant." msgstr "?????? ???????????????? GNU Privacy Assistant" 
@@ -1305,6 +1313,14 @@ msgid "Retrieve keys from server" msgstr "" #, fuzzy +msgid "Re_fresh Keys" +msgstr "???????????????? ???????????? ????????????" + +#, fuzzy +msgid "Refresh keys from server" +msgstr "/?????????????????? ???? ????????????..." + +#, fuzzy msgid "_Send Keys..." msgstr "/?????????????????? ??????????..." @@ -2252,6 +2268,14 @@ msgid "" "on this card." msgstr "" +#, fuzzy +#~ msgid "Error" +#~ msgstr "???????????? GPA" + +#, fuzzy +#~ msgid "Message" +#~ msgstr "?????????????????? GPA" + #~ msgid "GNU Privacy Assistant - Clipboard" #~ msgstr "GNU Privacy Assistant - ??????????" @@ -2619,6 +2643,3 @@ msgstr "" #~ msgid "detailed" #~ msgstr "??????????????????" - -#~ msgid "refresh keyring" -#~ msgstr "???????????????? ???????????? ????????????" diff --git a/po/sv.po b/po/sv.po index 0648cbe..c355482 100644 --- a/po/sv.po +++ b/po/sv.po @@ -468,24 +468,14 @@ msgstr "Genererar nyckel..." msgid "Import keys from file" msgstr "Importera publika nycklar fr??n fil" -msgid "No keys were found." -msgstr "Inga nycklar hittades." - #, c-format msgid "" -"%i public keys read\n" -"%i public keys imported\n" -"%i public keys unchanged\n" -"%i secret keys read\n" -"%i secret keys imported\n" -"%i secret keys unchanged" +"More than %d keys match your search pattern.\n" +"Use the long keyid or a fingerprint for a better match" msgstr "" -"%i publika nycklar inl??sta\n" -"%i publika nycklar importerade\n" -"%i publika nycklar of??r??ndrade\n" -"%i hemliga nycklar inl??sta\n" -"%i hemliga nycklar importerade\n" -"%i hemliga nycklar of??r??ndrade" + +msgid "No keys were found." +msgstr "Inga nycklar hittades." msgid "" "Invalid time given.\n" 
@@ -512,6 +502,12 @@ msgstr "Den h??r nyckeln har redan signerats med din egen nyckel!" msgid "You haven't selected a default key to sign with!" msgstr "Du har inte valt en standardnyckel att signera med!" +#, fuzzy +msgid "Which key do you want to import?" +msgstr "" +"Vilken nyckel vill du importera? (Nyckeln m??ste anges med dess " +"nyckelidentitet)." + msgid "Which key do you want to import? (The key must be specified by key ID)." msgstr "" "Vilken nyckel vill du importera? (Nyckeln m??ste anges med dess " @@ -861,6 +857,28 @@ msgstr "Nyckeln kan endast anv??ndas f??r kryptering." msgid "This key is useless." msgstr "Den h??r nyckeln ??r oanv??ndbar." +#, c-format +msgid "" +"%u file(s) read\n" +"%u file(s) with errors" +msgstr "" + +#, c-format +msgid "" +"%i public keys read\n" +"%i public keys imported\n" +"%i public keys unchanged\n" +"%i secret keys read\n" +"%i secret keys imported\n" +"%i secret keys unchanged" +msgstr "" +"%i publika nycklar inl??sta\n" +"%i publika nycklar importerade\n" +"%i publika nycklar of??r??ndrade\n" +"%i hemliga nycklar inl??sta\n" +"%i hemliga nycklar importerade\n" +"%i hemliga nycklar of??r??ndrade" + msgid "A required engine component is not installed." msgstr "" @@ -886,14 +904,6 @@ msgstr "" msgid "Invalid character in comments." msgstr "" -#, fuzzy -msgid "Error" -msgstr "GPA-fel" - -#, fuzzy -msgid "Message" -msgstr "GPA-meddelande" - msgid "GPA is the GNU Privacy Assistant." msgstr "GPA ??r GNU Privacy Assistant." @@ -1257,6 +1267,14 @@ msgstr "_H??mta nycklar..." msgid "Retrieve keys from server" msgstr "H??mta nycklar fr??n server" +#, fuzzy +msgid "Re_fresh Keys" +msgstr "uppdatera nyckelring" + +#, fuzzy +msgid "Refresh keys from server" +msgstr "H??mta nycklar fr??n server" + msgid "_Send Keys..." msgstr "_Skicka nycklar..." 
@@ -2223,6 +2241,14 @@ msgid "" "on this card." msgstr "" +#, fuzzy +#~ msgid "Error" +#~ msgstr "GPA-fel" + +#, fuzzy +#~ msgid "Message" +#~ msgstr "GPA-meddelande" + #~ msgid "GNU Privacy Assistant - Clipboard" #~ msgstr "GNU Privacy Assistant - Urklipp" @@ -2608,9 +2634,6 @@ msgstr "" #~ msgid "detailed" #~ msgstr "detaljerat" -#~ msgid "refresh keyring" -#~ msgstr "uppdatera nyckelring" - #~ msgid "Sign files" #~ msgstr "Signera filer" diff --git a/po/tr.po b/po/tr.po index 2153ff7..615292c 100644 --- a/po/tr.po +++ b/po/tr.po @@ -494,24 +494,14 @@ msgstr "Anahtar Yarat msgid "Import keys from file" msgstr "Genel anahtarlar? dosyadan al" -msgid "No keys were found." -msgstr "Hi?bir anahtar bulunamad?." - #, c-format msgid "" -"%i public keys read\n" -"%i public keys imported\n" -"%i public keys unchanged\n" -"%i secret keys read\n" -"%i secret keys imported\n" -"%i secret keys unchanged" +"More than %d keys match your search pattern.\n" +"Use the long keyid or a fingerprint for a better match" msgstr "" -"%i genel anahtar okundu\n" -"%i genel anahtar d??ar?dan al?nd?\n" -"%i genel anahtar de?i?tirilmedi\n" -"%i gizli anahtar okundu\n" -"%i gizli anahtar d??ar?dan al?nd?\n" -"%i gizli anahtar de?i?tirilmedi" + +msgid "No keys were found." +msgstr "Hi?bir anahtar bulunamad?." msgid "" "Invalid time given.\n" @@ -536,6 +526,12 @@ msgstr "Bu anahtar zaten kendiniz taraf msgid "You haven't selected a default key to sign with!" msgstr "?mzalamak i?in varsay?lan bir anahtar se?mediniz!" +#, fuzzy +msgid "Which key do you want to import?" +msgstr "" +"Hangi anahtar? d??ar?dan almak istiyorsunuz? (Anahtar, kimli?i ile " +"belirtilmeli)." + msgid "Which key do you want to import? (The key must be specified by key ID)." msgstr "" "Hangi anahtar? d??ar?dan almak istiyorsunuz? (Anahtar, kimli?i ile " 
@@ -892,6 +888,28 @@ msgstr "Anahtar sadece msgid "This key is useless." msgstr "Bu anahtar i?e yaramaz." +#, c-format +msgid "" +"%u file(s) read\n" +"%u file(s) with errors" +msgstr "" + +#, c-format +msgid "" +"%i public keys read\n" +"%i public keys imported\n" +"%i public keys unchanged\n" +"%i secret keys read\n" +"%i secret keys imported\n" +"%i secret keys unchanged" +msgstr "" +"%i genel anahtar okundu\n" +"%i genel anahtar d??ar?dan al?nd?\n" +"%i genel anahtar de?i?tirilmedi\n" +"%i gizli anahtar okundu\n" +"%i gizli anahtar d??ar?dan al?nd?\n" +"%i gizli anahtar de?i?tirilmedi" + msgid "A required engine component is not installed." msgstr "" @@ -917,14 +935,6 @@ msgid "Invalid character in comments." msgstr "" #, fuzzy -msgid "Error" -msgstr "GPA Hatas?" - -#, fuzzy -msgid "Message" -msgstr "GPA Mesaj?" - -#, fuzzy msgid "GPA is the GNU Privacy Assistant." msgstr "GNU Gizlilik Asistan?n? Anlamak" @@ -1306,6 +1316,14 @@ msgid "Retrieve keys from server" msgstr "" #, fuzzy +msgid "Re_fresh Keys" +msgstr "Anahtar? Kald?r" + +#, fuzzy +msgid "Refresh keys from server" +msgstr "/Anahtarlar? Sunucuya _G?nder..." + +#, fuzzy msgid "_Send Keys..." msgstr "/Anahtarlar? ?m_zala..." @@ -2260,6 +2278,14 @@ msgid "" msgstr "" #, fuzzy +#~ msgid "Error" +#~ msgstr "GPA Hatas?" + +#, fuzzy +#~ msgid "Message" +#~ msgstr "GPA Mesaj?" + +#, fuzzy #~ msgid "GNU Privacy Assistant - Clipboard" #~ msgstr "GNU Gizlilik Asistan? - Dosya Y?neticisi" diff --git a/po/zh_TW.po b/po/zh_TW.po index 9193b85..4d86b05 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po 
@@ -494,24 +494,14 @@ msgstr " msgid "Import keys from file" msgstr "???????????J???_" -msgid "No keys were found." -msgstr "???????K?_." - #, c-format msgid "" -"%i public keys read\n" -"%i public keys imported\n" -"%i public keys unchanged\n" -"%i secret keys read\n" -"%i secret keys imported\n" -"%i secret keys unchanged" +"More than %d keys match your search pattern.\n" +"Use the long keyid or a fingerprint for a better match" msgstr "" -"%i ???_?Q????\n" -"%i ???_?w???J\n" -"%i ???_?S????\n" -"%i ?p?_?Q????\n" -"%i ?p?_?w???J\n" -"%i ?p?_?w???J" + +msgid "No keys were found." +msgstr "???????K?_." msgid "" "Invalid time given.\n" @@ -536,6 +526,10 @@ msgstr " msgid "You haven't selected a default key to sign with!" msgstr "?S???????w?]???p???K?_!" +#, fuzzy +msgid "Which key do you want to import?" +msgstr "?????n???J???K?_. (???????????K?_??????)." + msgid "Which key do you want to import? (The key must be specified by key ID)." msgstr "?????n???J???K?_. (???????????K?_??????)." @@ -885,6 +879,28 @@ msgstr " msgid "This key is useless." msgstr "?K?_?O???i??????." +#, c-format +msgid "" +"%u file(s) read\n" +"%u file(s) with errors" +msgstr "" + +#, c-format +msgid "" +"%i public keys read\n" +"%i public keys imported\n" +"%i public keys unchanged\n" +"%i secret keys read\n" +"%i secret keys imported\n" +"%i secret keys unchanged" +msgstr "" +"%i ???_?Q????\n" +"%i ???_?w???J\n" +"%i ???_?S????\n" +"%i ?p?_?Q????\n" +"%i ?p?_?w???J\n" +"%i ?p?_?w???J" + msgid "A required engine component is not installed." msgstr "" @@ -910,14 +926,6 @@ msgid "Invalid character in comments." msgstr "" #, fuzzy -msgid "Error" -msgstr "GPA ???~" - -#, fuzzy -msgid "Message" -msgstr "GPA ?T??" - -#, fuzzy msgid "GPA is the GNU Privacy Assistant." msgstr "?F??GNU Privacy Assistant" 
@@ -1289,6 +1297,14 @@ msgid "Retrieve keys from server" msgstr "" #, fuzzy +msgid "Re_fresh Keys" +msgstr "?????K?_" + +#, fuzzy +msgid "Refresh keys from server" +msgstr "?H?X???_?????A??... (&N)" + +#, fuzzy msgid "_Send Keys..." msgstr "/???p???_... (&S)" @@ -2230,6 +2246,14 @@ msgid "" msgstr "" #, fuzzy +#~ msgid "Error" +#~ msgstr "GPA ???~" + +#, fuzzy +#~ msgid "Message" +#~ msgstr "GPA ?T??" + +#, fuzzy #~ msgid "GNU Privacy Assistant - Clipboard" #~ msgstr "GNU Privacy Assistant - ???????z" commit 719bbe7ae59e0dfd7bd3951a01d5d31e80771800 Author: Werner Koch Date: Wed Nov 19 10:34:32 2014 +0100 Get rid of Gtk+ warning * src/server-access.c (wait_dialog): Remove GTK_DIALOG_NO_SEPARATOR. -- The warning when used with GnupG < 2.1 was: Gtk-WARNING **: The GTK_DIALOG_NO_SEPARATOR flag cannot be used for GtkMessageDialog diff --git a/src/server-access.c b/src/server-access.c index 18ecdca..74bc3f5 100644 --- a/src/server-access.c +++ b/src/server-access.c @@ -359,7 +359,7 @@ wait_dialog (const gchar *server, GtkWidget *parent) { GtkWidget *dialog = gtk_message_dialog_new (GTK_WINDOW (parent), - GTK_DIALOG_MODAL | GTK_DIALOG_NO_SEPARATOR, + GTK_DIALOG_MODAL, GTK_MESSAGE_INFO, GTK_BUTTONS_NONE, _("Connecting to server \"%s\".\n" "Please wait."), server); commit 7fdf8d8f097ddd27267d8e6186a561748a60add2 Author: Werner Koch Date: Wed Nov 19 10:34:32 2014 +0100 Add a Refresh Key function to the key manager's context menu. * src/gpaimportbykeyidop.c: New. * src/gpaimportbykeyidop.h: New. * src/keymanager.c (key_manager_refresh_keys): New. (key_manager_action_new): Add ServerRefresh Action top the popup. -- This is currently limited to one key. It won't be complicated to allow several keys but this has not been done because it is better to first write code to get an array of gpgme key objects from the key manager's selection instead of passing the selection (which has only opaque types) to the import functions. 
diff --git a/src/Makefile.am b/src/Makefile.am index 9a2a408..6a2ab71 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -96,6 +96,7 @@ if ENABLE_KEYSERVER_SUPPORT keyserver_support_sources = \ server-access.c \ gpaimportserverop.c \ + gpaimportbykeyidop.c \ gpaexportserverop.c else keyserver_support_sources = @@ -169,6 +170,7 @@ gpa_SOURCES = \ gpaimportfileop.h gpaimportfileop.c \ gpaimportclipop.h gpaimportclipop.c \ gpaimportserverop.h \ + gpaimportbykeyidop.h \ gpagenkeyop.h gpagenkeyop.c \ gpagenkeyadvop.h gpagenkeyadvop.c \ gpagenkeysimpleop.h gpagenkeysimpleop.c \ diff --git a/src/gpaimportbykeyidop.c b/src/gpaimportbykeyidop.c new file mode 100644 index 0000000..8e5d5ce --- /dev/null +++ b/src/gpaimportbykeyidop.c 
@@ -0,0 +1,189 @@
+/* gpaimportbykeyidop.c - The GpaImportByKeyidOperation object.
+ * Copyright (C) 2014 g10 Code GmbH
+ *
+ * This file is part of GPA
+ *
+ * GPA is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GPA is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#include
+
+#include
+#include
+#include "gpa.h"
+#include "i18n.h"
+#include "gtktools.h"
+#include "gpaimportbykeyidop.h"
+#include "server-access.h"
+
+
+static GObjectClass *parent_class = NULL;
+
+static gboolean
+gpa_import_bykeyid_operation_get_source (GpaImportOperation *operation);
+static void
+gpa_import_bykeyid_operation_complete_import (GpaImportOperation *operation);
+
+/* GObject boilerplate */
+
+static void
+gpa_import_bykeyid_operation_finalize (GObject *object)
+{
+ GpaImportByKeyidOperation *op = GPA_IMPORT_BYKEYID_OPERATION (object);
+
+ gpgme_key_unref (op->key);
+ op->key = NULL;
+
+ G_OBJECT_CLASS (parent_class)->finalize (object);
+}
+
+
+static void
+gpa_import_bykeyid_operation_init (GpaImportByKeyidOperation *op)
+{
+ op->key = NULL;
+}
+
+
+static GObject*
+gpa_import_bykeyid_operation_constructor (GType type,
+ guint n_construct_properties,
+ GObjectConstructParam *construct_properties)
+{
+ GObject *object;
+ /* GpaImportByKeyidOperation *op; */
+
+ /* Invoke parent's constructor */
+ object = parent_class->constructor (type,
+ n_construct_properties,
+ construct_properties);
+ /* op = GPA_IMPORT_BYKEYID_OPERATION (object); */
+
+ return object;
+}
+
+
+static void
+gpa_import_bykeyid_operation_class_init (GpaImportByKeyidOperationClass *klass)
+{
+ GObjectClass *object_class = G_OBJECT_CLASS (klass);
+ GpaImportOperationClass *import_class = GPA_IMPORT_OPERATION_CLASS (klass);
+
+ parent_class = g_type_class_peek_parent (klass);
+
+ object_class->constructor = gpa_import_bykeyid_operation_constructor;
+ object_class->finalize = gpa_import_bykeyid_operation_finalize;
+
+ import_class->get_source = gpa_import_bykeyid_operation_get_source;
+ import_class->complete_import = gpa_import_bykeyid_operation_complete_import;
+}
+
+
+GType
+gpa_import_bykeyid_operation_get_type (void)
+{
+ static GType type = 0;
+
+ if (!type)
+ {
+ static const GTypeInfo info =
+ {
+ sizeof (GpaImportByKeyidOperationClass),
+ (GBaseInitFunc) NULL,
+ (GBaseFinalizeFunc) NULL,
+ (GClassInitFunc) gpa_import_bykeyid_operation_class_init,
+ NULL, /* class_finalize */
+ NULL, /* class_data */
+ sizeof (GpaImportByKeyidOperation),
+ 0, /* n_preallocs */
+ (GInstanceInitFunc) gpa_import_bykeyid_operation_init,
+ };
+
+ type = g_type_register_static (GPA_IMPORT_OPERATION_TYPE,
+ "GpaImportByKeyidOperation",
+ &info, 0);
+ }
+
+ return type;
+}
+
+
+/* Virtual methods */
+
+static gboolean
+gpa_import_bykeyid_operation_get_source (GpaImportOperation *operation)
+{
+ GpaImportByKeyidOperation *op = GPA_IMPORT_BYKEYID_OPERATION (operation);
+ int i;
+
+ /* Better reset the source variables. */
+ gpgme_data_release (operation->source);
+ operation->source = NULL;
+ if (operation->source2)
+ {
+ for (i=0; operation->source2[i]; i++)
+ gpgme_key_unref (operation->source2[i]);
+ g_free (operation->source2);
+ operation->source2 = NULL;
+ }
+
+ if (!op->key
+ || op->key->protocol != GPGME_PROTOCOL_OpenPGP
+ || !op->key->subkeys
+ || !op->key->subkeys->keyid
+ || !*op->key->subkeys->keyid)
+ ;
+ else if (is_gpg_version_at_least ("2.1.0"))
+ {
+ operation->source2 = g_malloc0_n (1 + 1, sizeof *operation->source2);
+ gpgme_key_ref (op->key);
+ operation->source2[0] = op->key;
+ return TRUE;
+ }
+ else
+ {
+
+ if (server_get_key (gpa_options_get_default_keyserver
+ (gpa_options_get_instance ()),
+ op->key->subkeys->keyid,
+ &operation->source, GPA_OPERATION (op)->window))
+ {
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+
+static void
+gpa_import_bykeyid_operation_complete_import (GpaImportOperation *operation)
+{
+ (void)operation;
+}
+
+
+/* API */
+
+GpaImportByKeyidOperation*
+gpa_import_bykeyid_operation_new (GtkWidget *window, gpgme_key_t key)
+{
+ GpaImportByKeyidOperation *op;
+
+ op = g_object_new (GPA_IMPORT_BYKEYID_OPERATION_TYPE,
+ "window", window, NULL);
+ gpgme_key_ref (key);
+ op->key = key;
+
+ return op;
+}
diff --git a/src/gpaimportbykeyidop.h b/src/gpaimportbykeyidop.h
new file mode 100644
index 0000000..4fdc7e7
--- /dev/null
+++ b/src/gpaimportbykeyidop.h
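Review bot: In `gpa_import_bykeyid_operation_get_source`, the branch taken for gpg older than 2.1.0 asks the default keyserver for `op->key->subkeys->keyid` and returns whatever arrives in `operation->source`, while `gpa_import_bykeyid_operation_complete_import` is a no-op, so nothing in this file ties the reply to the key the user selected. A keyserver reply is untrusted input and a key ID is not a unique identifier, so a refresh can end up importing a key other than the selected one unless the parent import operation checks this (not visible here). I would compare the fingerprint reported in the import result with `op->key->subkeys->fpr` in `complete_import` and warn on a mismatch, and at least add `/* FIXME: Key IDs are not unique; verify the imported fingerprint against op->key->subkeys->fpr. */` above the `server_get_key` call. The leading `if (...) ;` with an empty statement would also read better as an early `return FALSE;`.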
@@ -0,0 +1,77 @@
+/* gpaimportbykeyidop.h - The GpaImportByKeyidOperation object.
+ * Copyright (C) 2014 g10 Code GmbH
+ *
+ * This file is part of GPA
+ *
+ * GPA is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GPA is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#ifndef GPA_IMPORT_BYKEYID_OP_H
+#define GPA_IMPORT_BYKEYID_OP_H
+#ifdef ENABLE_KEYSERVER_SUPPORT
+
+#include "gpa.h"
+#include
+#include
+#include "gpaimportop.h"
+
+/* GObject stuff */
+#define GPA_IMPORT_BYKEYID_OPERATION_TYPE \
+ (gpa_import_bykeyid_operation_get_type ())
+
+#define GPA_IMPORT_BYKEYID_OPERATION(obj) \
+ (G_TYPE_CHECK_INSTANCE_CAST ((obj), GPA_IMPORT_BYKEYID_OPERATION_TYPE,\
+ GpaImportByKeyidOperation))
+
+#define GPA_IMPORT_BYKEYID_OPERATION_CLASS(klass) \
+ (G_TYPE_CHECK_CLASS_CAST ((klass), GPA_IMPORT_BYKEYID_OPERATION_TYPE, \
+ GpaImportByKeyidOperationClass))
+
+#define GPA_IS_IMPORT_BYKEYID_OPERATION(obj) \
+ (G_TYPE_CHECK_INSTANCE_TYPE ((obj), GPA_IMPORT_BYKEYID_OPERATION_TYPE))
+
+#define GPA_IS_IMPORT_BYKEYID_OPERATION_CLASS(klass) \
+ (G_TYPE_CHECK_CLASS_TYPE ((klass), GPA_IMPORT_BYKEYID_OPERATION_TYPE))
+
+#define GPA_IMPORT_BYKEYID_OPERATION_GET_CLASS(obj) \
+ (G_TYPE_INSTANCE_GET_CLASS ((obj), GPA_IMPORT_BYKEYID_OPERATION_TYPE, \
+ GpaImportByKeyidOperationClass))
+
+typedef struct _GpaImportByKeyidOperation GpaImportByKeyidOperation;
+typedef struct _GpaImportByKeyidOperationClass GpaImportByKeyidOperationClass;
+
+struct _GpaImportByKeyidOperation
+{
+ GpaImportOperation
parent; + + gpgme_key_t key; +}; + + +struct _GpaImportByKeyidOperationClass +{ + GpaImportOperationClass parent_class; +}; + + +GType gpa_import_bykeyid_operation_get_type (void) G_GNUC_CONST; + +/* API */ + +/* Creates a new import by keyid operation. */ +GpaImportByKeyidOperation * +gpa_import_bykeyid_operation_new (GtkWidget *window, gpgme_key_t key); + +#endif /*ENABLE_KEYSERVER_SUPPORT*/ +#endif /*GPA_IMPORT_BYKEYID_OP_H*/ diff --git a/src/keymanager.c b/src/keymanager.c index 84baf6a..d78eb94 100644 --- a/src/keymanager.c +++ b/src/keymanager.c @@ -61,6 +61,7 @@ #include "gpaimportfileop.h" #include "gpaimportclipop.h" #include "gpaimportserverop.h" +#include "gpaimportbykeyidop.h" #include "gpabackupop.h" @@ -549,6 +550,32 @@ key_manager_retrieve (GtkAction *action, gpointer param) #endif /*ENABLE_KEYSERVER_SUPPORT*/ +/* Refresh keys from the keyserver. */ +#ifdef ENABLE_KEYSERVER_SUPPORT +static void +key_manager_refresh_keys (GtkAction *action, gpointer param) +{ + GpaKeyManager *self = param; + GpaImportByKeyidOperation *op; + GList *selection; + + /* FIXME: The refresh-from-server operation currently only supports + one key at a time. */ + if (!key_manager_has_single_selection (self)) + return; + + selection = gpa_keylist_get_selected_keys (self->keylist, + GPGME_PROTOCOL_OPENPGP); + if (selection) + { + op = gpa_import_bykeyid_operation_new (GTK_WIDGET (self), + (gpgme_key_t) selection->data); + register_import_operation (self, GPA_IMPORT_OPERATION (op)); + } +} +#endif /*ENABLE_KEYSERVER_SUPPORT*/ + + /* Send a key to the keyserver. */ #ifdef ENABLE_KEYSERVER_SUPPORT static void @@ -889,8 +916,8 @@ keyring_set_listing_cb (GtkAction *action, /* Create and return the menu bar for the key ring editor. */ static void key_manager_action_new (GpaKeyManager *self, - GtkWidget **menu, GtkWidget **toolbar, - GtkWidget **popup) + GtkWidget **menu, GtkWidget **toolbar, + GtkWidget **popup) { static const GtkActionEntry entries[] = { 
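Review bot: The comment on `gpa_import_bykeyid_operation_new` in gpaimportbykeyidop.h does not say who owns KEY. The implementation in gpaimportbykeyidop.c calls `gpgme_key_ref (key)` and drops that reference in its finalize handler, so the comment could read `/* Creates a new import by keyid operation. The operation takes its own reference on KEY; the caller keeps its reference. */`. Because `gpgme_key_ref` is called unconditionally there, it is also worth stating whether KEY may be NULL; that part needs confirming against the callers.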
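Review bot: In `key_manager_refresh_keys` the `GList` returned by `gpa_keylist_get_selected_keys` is neither freed nor handed to the operation: only `selection->data` is passed on, and `gpa_import_bykeyid_operation_new` takes its own reference on that key. Unless the keylist returns a borrowed list (its implementation is not visible in this hunk), each use of the menu entry leaks the list and possibly one key reference. If the caller owns the list, release it after creating the operation, e.g. `g_list_foreach (selection, (GFunc) gpgme_key_unref, NULL);` followed by `g_list_free (selection);`.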
@@ -944,6 +971,9 @@ key_manager_action_new (GpaKeyManager *self, { "ServerRetrieve", NULL, N_("_Retrieve Keys..."), NULL, N_("Retrieve keys from server"), G_CALLBACK (key_manager_retrieve) }, + { "ServerRefresh", NULL, N_("Re_fresh Keys"), NULL, + N_("Refresh keys from server"), + G_CALLBACK (key_manager_refresh_keys) }, { "ServerSend", NULL, N_("_Send Keys..."), NULL, N_("Send keys to server"), G_CALLBACK (key_manager_send) } #endif /*ENABLE_KEYSERVER_SUPPORT*/ @@ -1042,6 +1072,7 @@ key_manager_action_new (GpaKeyManager *self, " " " " #ifdef ENABLE_KEYSERVER_SUPPORT + " " " " #endif " " @@ -1117,6 +1148,9 @@ key_manager_action_new (GpaKeyManager *self, key_manager_has_selection); #ifdef ENABLE_KEYSERVER_SUPPORT + action = gtk_action_group_get_action (action_group, "ServerRefresh"); + add_selection_sensitive_action (self, action, + key_manager_has_single_selection); action = gtk_action_group_get_action (action_group, "ServerSend"); add_selection_sensitive_action (self, action, key_manager_has_single_selection); commit 1a51becdf8f741be7083306f9000f97e283376fd Author: Zden??k Hata?? Date: Thu Sep 11 09:20:32 2014 +0200 po: Update Czech translation diff --git a/po/cs.po b/po/cs.po index 22b55ec..9fa3f8b 100644 --- a/po/cs.po +++ b/po/cs.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: cs\n" "Report-Msgid-Bugs-To: gpa-dev at gnupg.org\n" -"PO-Revision-Date: 2014-06-05 08:46+0100\n" +"PO-Revision-Date: 2014-09-11 09:17+0100\n" "Last-Translator: Zden??k Hata?? \n" "Language-Team: czech \n" "Language: cs\n" @@ -269,9 +269,8 @@ msgstr "Otev????t schr??nku" msgid "Open the settings dialog" msgstr "Otev????t dialog nastaven??" -#, fuzzy msgid "Only start the UI server" -msgstr "Povolit UI server" +msgstr "Spustit pouze UI server" msgid "Disable support for X.509" msgstr "Vypnout podporu pro X.509" 
@@ -280,7 +279,7 @@ msgid "Read options from file" msgstr "????st mo??nosti ze souboru" msgid "Do not connect to a running instance" -msgstr "" +msgstr "Nep??ipojujte se k b??????c?? instanci" msgid "[FILE...]" msgstr "[SOUBOR...]" @@ -334,9 +333,9 @@ msgstr "V pr??b??hu z??lohov??n?? do??lo k chyb??." msgid "Backup key to file" msgstr "Z??lohovat kl???? do souboru" -#, fuzzy, c-format +#, c-format msgid "Generating backup of key: 0x%s" -msgstr "Vytv?????? se z??lohu kl????e: %s" +msgstr "Vytv?????? se z??lohu kl????e: 0x%s" msgid "The keys have been copied to the clipboard." msgstr "Kl????e byly zkop??rov??ny do schr??nky." @@ -536,47 +535,44 @@ msgstr "ID podkl????e" msgid "Status" msgstr "Stav" -#, fuzzy msgid "Algo" msgstr "Algoritmus" msgid "Size" msgstr "Velikost" -#, fuzzy msgid "Created" -msgstr "Vytvo??en:" +msgstr "Vytvo??en" -#, fuzzy msgid "Expires" -msgstr "Vypr??ela platnost" +msgstr "Vypr???? platnost" msgid "S" -msgstr "" +msgstr "P" msgid "Can sign" msgstr "Sm?? podepisovat" msgid "C" -msgstr "" +msgstr "C" msgid "Can certify" msgstr "Sm?? certifikovat" msgid "E" -msgstr "" +msgstr "??" msgid "Can encrypt" msgstr "Sm?? ??ifrovat" msgid "A" -msgstr "" +msgstr "A" msgid "Can authenticate" msgstr "Sm?? autentizovat" msgid "T" -msgstr "" +msgstr "K" msgid "Secret key stored on a smartcard." msgstr "Soukrom?? kl???? byl ulo??en na kart??." 
@@ -1118,9 +1114,8 @@ msgstr "" msgid "The key ID is a short number to identify a certificate." msgstr "ID kl????e je kr??tk?? ????slo k identifikaci certifik??tu." -#, fuzzy msgid "The Creation Date is the date the certificate was created." -msgstr "Datum vypr??en?? je datum, do kter??ho je certifik??t platn??." +msgstr "Datum vytvo??en?? je datum, kdy byl certifik??t vytvo??en." msgid "The Expiry Date is the date until the certificate is valid." msgstr "Datum vypr??en?? je datum, do kter??ho je certifik??t platn??." ----------------------------------------------------------------------- Summary of changes: Makefile.am | 1 - NEWS | 12 ++- configure.ac | 4 +- po/ar.po | 73 +++++++++++------- po/cs.po | 97 ++++++++++++++---------- po/de.po | 14 ++-- po/es.po | 74 +++++++++++------- po/fr.po | 72 ++++++++++++------ po/ja.po | 68 +++++++++++------ po/nl.po | 70 +++++++++++------ po/pl.po | 73 +++++++++++------- po/pt_BR.po | 71 ++++++++++------- po/ru.po | 73 +++++++++++------- po/sv.po | 75 +++++++++++------- po/tr.po | 72 ++++++++++++------ po/zh_TW.po | 70 +++++++++++------ src/Makefile.am | 2 + src/gpaimportbykeyidop.c | 189 ++++++++++++++++++++++++++++++++++++++++++++++ src/gpaimportbykeyidop.h | 77 +++++++++++++++++++ src/keymanager.c | 38 +++++++++- src/server-access.c | 2 +- 21 files changed, 907 insertions(+), 320 deletions(-) create mode 100644 src/gpaimportbykeyidop.c create mode 100644 src/gpaimportbykeyidop.h hooks/post-receive -- The GNU Privacy Assistant http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 21 11:43:18 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 21 Nov 2014 11:43:18 +0100 Subject: [git] gnupg-doc - branch, master, updated. 797c15a5758775d5d5022cc8cb8e4642bdabeb89 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 797c15a5758775d5d5022cc8cb8e4642bdabeb89 (commit) from 0968808af5bf30458796921ad32e3c0abaa354f5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 797c15a5758775d5d5022cc8cb8e4642bdabeb89 Author: Werner Koch Date: Wed Nov 19 10:34:32 2014 +0100 web: Various changes. -- diff --git a/web/download/index.org b/web/download/index.org index ede8133..a0ec6aa 100644 --- a/web/download/index.org +++ b/web/download/index.org @@ -101,7 +101,7 @@ |---------+--------------------+---------------------------------------------| | | <18> | | | Windows | [[http://gpg4win.org/download.html][Gpg4win]] | Installers for /GnuPG stable/ | - | | {{{ftpopen}}}{{{ftp_base}}}/binary/gnupg-w32-{{{gnupg21_w32_ver}}}.exe{{{ftpclose}}} {{{ftpopen}}}{{{ftp_base}}}/binary/gnupg-w32-{{{gnupg21_w32_ver}}}.exe.sig{{{ftpcloseS}}} | Simple installer for /GnuPG modern/ | + | | --- | Simple installer for /GnuPG modern/ | | | {{{ftpopen}}}{{{ftp_base}}}/binary/gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe{{{ftpclose}}} {{{ftpopen}}}{{{ftp_base}}}/binary/gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe.sig{{{ftpcloseS}}} | Simple installer for /GnuPG classic/ | | OS X | [[http://gpgtools.org][Mac GPG]] | Installer from the gpgtools project | | Debian | [[https://www.debian.org][Debian site]] | GnuPG stable and classic are part of Debian | 
@@ -111,5 +111,6 @@ | RISC OS | [[http://www.sbellon.de/gnupg.html][home page]] | Sources and binaries for RISC OS | |---------+--------------------+---------------------------------------------| +# | | {{{ftpopen}}}{{{ftp_base}}}/binary/gnupg-w32-{{{gnupg21_w32_ver}}}.exe{{{ftpclose}}} {{{ftpopen}}}{{{ftp_base}}}/binary/gnupg-w32-{{{gnupg21_w32_ver}}}.exe.sig{{{ftpcloseS}}} | Simple installer for /GnuPG modern/ | # eof # diff --git a/web/download/integrity_check.org b/web/download/integrity_check.org index 7d70c7c..6bbdfb9 100644 --- a/web/download/integrity_check.org +++ b/web/download/integrity_check.org @@ -18,7 +18,7 @@ this command: {{{begin_example}}} - gpg {{{twodashes}}}verify gnupg-{{{gnupg_ver}}}.tar.bz2.sig + gpg {{{twodashes}}}verify gnupg-{{{gnupg_ver}}}.tar.bz2.sig gnupg-{{{gnupg_ver}}}.tar.bz2 {{{end_example}}} This checks whether the signature file matches the source file. You diff --git a/web/faq/whats-new-in-2.1.org b/web/faq/whats-new-in-2.1.org index e5e6f71..bc312da 100644 --- a/web/faq/whats-new-in-2.1.org +++ b/web/faq/whats-new-in-2.1.org 
@@ -553,16 +553,23 @@ used. Take care: GnuPG versions before 2.1 will always use the keybox file. To convert an existing =pubring.gpg= file to the keybox format, you -first rename the file to (for example) =publickeys= so it won?t be -recognized by any GnuPG version and then you run the command +first backup the ownertrust values, then rename the file to (for +example) =publickeys=, so it won?t be recognized by any GnuPG version, +then run import, and finally restore the ownertrust values: #+begin_example +$ cd ~/.gnupg +$ gpg --export-ownertrust >otrust.lst +$ mv pubring.gpg publickeys $ gpg2 --import publickeys +$ gpg2 --import-ownertrust otrust.lst #+end_example You may then rename the =publickeys= file back so that it can be used by older GnuPG versions. Remember that in this case you have two -independent copies of the public keys. +independent copies of the public keys. The ownertrust values are kept +by all gpg versions in the file =trustdb.gpg= but the above +precautions need to be taken to keep them over an import. ** Auto-generated revocation certificates diff --git a/web/swdb.mac b/web/swdb.mac index 1279c6d..05ab0df 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -49,9 +49,9 @@ # # GPA # -#+macro: gpa_ver 0.9.5 -#+macro: gpa_size 716k -#+macro: gpa_sha1 ea53b934a7f5dd4e2dfb35dac2b35cafc7b54c90 +#+macro: gpa_ver 0.9.6 +#+macro: gpa_size 718k +#+macro: gpa_sha1 c664409c7d423eccc1120fbd0d232108269c9797 # @@ -106,9 +106,9 @@ # # LIBASSUAN # -#+macro: libassuan_ver 2.1.2 +#+macro: libassuan_ver 2.1.3 #+macro: libassuan_size 504k -#+macro: libassuan_sha1 7aed69734ba64b63004107cada671b5861d332a4 +#+macro: libassuan_sha1 56ac91973c2818a91d4f16ed48265a2b5daf45d3 # 
@@ -126,6 +126,13 @@ # +# ADNS +# +#+macro: adns_ver 1.4-g10-4 +#+macro: adns_sha1 040aed033694aeb3a97b8e5d74b990d4cad6bc99 + + +# # zlib (mirrored at our server) # #+macro: zlib_ver 1.2.8 ----------------------------------------------------------------------- Summary of changes: web/download/index.org | 3 ++- web/download/integrity_check.org | 2 +- web/faq/whats-new-in-2.1.org | 13 ++++++++++--- web/swdb.mac | 17 ++++++++++++----- 4 files changed, 25 insertions(+), 10 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 21 14:28:58 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 21 Nov 2014 14:28:58 +0100 Subject: [git] gnupg-doc - branch, master, updated. 871820f8bdffce5c3f09d969ec54b638cb773cd2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 871820f8bdffce5c3f09d969ec54b638cb773cd2 (commit) from 797c15a5758775d5d5022cc8cb8e4642bdabeb89 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 871820f8bdffce5c3f09d969ec54b638cb773cd2 Author: Werner Koch Date: Wed Nov 19 10:34:32 2014 +0100 web: Removed dead demon.nl mirror. See http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029113.html diff --git a/web/download/mirrors.org b/web/download/mirrors.org index bd24488..6dec2b0 100644 --- a/web/download/mirrors.org +++ b/web/download/mirrors.org 
@@ -36,7 +36,6 @@ web site mirrors, please consult the [[../mirrors.html][WWW mirror page]] . | Iceland | [[http://www.hi.is/][HI]] | [[ftp://ftp.hi.is/pub/mirrors/gnupg/][ftp]] | | | Ireland | [[http://ftp.heanet.ie/about/][HEAnet]] | [[ftp://ftp.heanet.ie/mirrors/ftp.gnupg.org/gcrypt/][ftp]] [[http://ftp.heanet.ie/mirrors/ftp.gnupg.org/gcrypt/][http]] {{{rsync(rsync://ftp.heanet.ie/mirrors/ftp.gnupg.org/gcrypt/)}}} | 4/day | | Netherlands | [[http://www.bit.nl/][BIT]] | [[ftp://ftp.bit.nl/mirror/gnupg/][ftp]] | | - | | [[http://www.demon.nl/][Demon]] | [[ftp://ftp.demon.nl/pub/mirrors/gnupg/][ftp]] | | | | [[http://www.surfnet.nl/][SurfNet]] | [[ftp://ftp.surfnet.nl/pub/security/gnupg/][ftp]] | | | Portugal | [[http://5coluna.com][5? Coluna]] | [[http://dist.gnupg.pt/][http]] | 2/day | | Romania | [[http://www.iasi.roedu.net/][Romanian Edu., Iasi Branch]] | [[ftp://ftp.iasi.roedu.net/pub/mirrors/ftp.gnupg.org/][ftp]] | | ----------------------------------------------------------------------- Summary of changes: web/download/mirrors.org | 1 - 1 file changed, 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 21 16:16:49 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 21 Nov 2014 16:16:49 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-34-g44c9cc1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 44c9cc18968b3e1d7568ec41ebf28a07285c61bb (commit) via 94a54425144e412bc83e44b7c6323282f49f650f (commit) via 9a85b91e925ac0798d56820353bf5858b212277f (commit) from 8f8e94322d5cc65add4dbd4c3b9b2c09a0b855ee (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 44c9cc18968b3e1d7568ec41ebf28a07285c61bb Author: Werner Koch Date: Wed Nov 19 10:34:32 2014 +0100 gpg: Track number of skipped v3 keys on import. * g10/import.c (stats_s): Add field v3keys. (import): Update this field. (import_print_stats): Print v3 key count. (read_block): Skip v3 keys and return a count for them. Signed-off-by: Werner Koch diff --git a/doc/DETAILS b/doc/DETAILS index a1e96f4..9ad616c 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -750,6 +750,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: - - - + - ** Smartcard related *** CARDCTRL [] diff --git a/g10/import.c b/g10/import.c index 6439fd0..a33690b 100644 --- a/g10/import.c +++ b/g10/import.c @@ -57,6 +57,7 @@ struct stats_s { ulong not_imported; ulong n_sigs_cleaned; ulong n_uids_cleaned; + ulong v3keys; /* Number of V3 keys seen. */ }; 
@@ -64,7 +65,8 @@ static int import (ctrl_t ctrl, IOBUF inp, const char* fname, struct stats_s *stats, unsigned char **fpr, size_t *fpr_len, unsigned int options, import_screener_t screener, void *screener_arg); -static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ); +static int read_block (IOBUF a, PACKET **pending_pkt, KBNODE *ret_root, + int *r_v3keys); static void revocation_present (ctrl_t ctrl, kbnode_t keyblock); static int import_one (ctrl_t ctrl, const char *fname, KBNODE keyblock,struct stats_s *stats, @@ -298,6 +300,7 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct stats_s *stats, grasp the return semantics of read_block. */ int rc = 0; + int v3keys; getkey_disable_caches(); @@ -310,8 +313,9 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct stats_s *stats, release_armor_context (afx); } - while( !(rc = read_block( inp, &pending_pkt, &keyblock) )) { - if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY ) + while( !(rc = read_block( inp, &pending_pkt, &keyblock, &v3keys) )) { + stats->v3keys += v3keys; + if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY ) rc = import_one (ctrl, fname, keyblock, stats, fpr, fpr_len, options, 0, 0, screener, screener_arg); @@ -334,9 +338,10 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct stats_s *stats, if( !(++stats->count % 100) && !opt.quiet ) log_info(_("%lu keys processed so far\n"), stats->count ); } + stats->v3keys += v3keys; if( rc == -1 ) rc = 0; - else if( rc && rc != G10ERR_INV_KEYRING ) + else if( rc && gpg_err_code (rc) != G10ERR_INV_KEYRING ) log_error( _("error reading '%s': %s\n"), fname, g10_errstr(rc)); return rc; @@ -354,6 +359,7 @@ import_old_secring (ctrl_t ctrl, const char *fname) grasp the return semantics of read_block. */ struct stats_s *stats; + int v3keys; inp = iobuf_open (fname); if (inp && is_secured_file (iobuf_get_fd (inp))) 
@@ -371,7 +377,7 @@ import_old_secring (ctrl_t ctrl, const char *fname) getkey_disable_caches(); stats = import_new_stats_handle (); - while (!(err = read_block (inp, &pending_pkt, &keyblock))) + while (!(err = read_block (inp, &pending_pkt, &keyblock, &v3keys))) { if (keyblock->pkt->pkttype == PKT_SECRET_KEY) err = import_secret_one (ctrl, fname, keyblock, stats, 1, 0, 1, @@ -401,7 +407,10 @@ import_print_stats (void *hd) struct stats_s *stats = hd; if( !opt.quiet ) { - log_info(_("Total number processed: %lu\n"), stats->count ); + log_info(_("Total number processed: %lu\n"), + stats->count + stats->v3keys); + if( stats->v3keys) + log_info(_(" skipped PGP-2 keys: %lu\n"), stats->v3keys); if( stats->skipped_new_keys ) log_info(_(" skipped new keys: %lu\n"), stats->skipped_new_keys ); @@ -436,9 +445,10 @@ import_print_stats (void *hd) } if( is_status_enabled() ) { - char buf[14*20]; - sprintf(buf, "%lu %lu %lu 0 %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu", - stats->count, + char buf[15*20]; + snprintf (buf, sizeof buf, + "%lu %lu %lu 0 %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu", + stats->count + stats->v3keys, stats->no_user_id, stats->imported, stats->unchanged, @@ -450,7 +460,8 @@ import_print_stats (void *hd) stats->secret_imported, stats->secret_dups, stats->skipped_new_keys, - stats->not_imported ); + stats->not_imported, + stats->v3keys ); write_status_text( STATUS_IMPORT_RES, buf ); } } 
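Review bot: `import_old_secring` now passes `&v3keys` to `read_block` but, in the lines visible here, never reads it, whereas `import` adds it to `stats->v3keys` after every call. PGP-2 secret keys skipped while migrating an old secring would then leave no trace in the statistics or the log. Consider `stats->v3keys += v3keys;` inside and after the loop as `import` does, or a `log_info` when the count is non-zero. The function body continues outside the hunk, so this may already be handled further down.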
@@ -480,16 +491,20 @@ valid_keyblock_packet (int pkttype) /**************** * Read the next keyblock from stream A. * PENDING_PKT should be initialzed to NULL - * and not chnaged form the caller. + * and not changed by the caller. * Return: 0 = okay, -1 no more blocks or another errorcode. + * The int at at R_V3KEY counts the number of unsupported v3 + * keyblocks. */ static int -read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ) +read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root, int *r_v3keys) { int rc; PACKET *pkt; KBNODE root = NULL; - int in_cert; + int in_cert, in_v3key; + + *r_v3keys = 0; if( *pending_pkt ) { root = new_kbnode( *pending_pkt ); @@ -500,9 +515,23 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ) in_cert = 0; pkt = xmalloc( sizeof *pkt ); init_packet(pkt); + in_v3key = 0; while( (rc=parse_packet(a, pkt)) != -1 ) { - if( rc ) { /* ignore errors */ - if( rc != G10ERR_UNKNOWN_PACKET ) { + if (rc && (gpg_err_code (rc) == GPG_ERR_INV_PACKET + && (pkt->pkttype == PKT_PUBLIC_KEY + || pkt->pkttype == PKT_SECRET_KEY) + && (pkt->pkt.public_key->version == 2 + || pkt->pkt.public_key->version == 3))) { + in_v3key = 1; + ++*r_v3keys; + free_packet (pkt); + init_packet (pkt); + continue; + } + else if (rc ) { /* ignore errors */ + if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_PACKET) + ; /* Do not show a diagnostic. */ + else { log_error("read_block: read error: %s\n", g10_errstr(rc) ); rc = G10ERR_INV_KEYRING; goto ready; 
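Review bot: The updated header comment of read_block names the new argument `R_V3KEY` and repeats the word "at", while the parameter is `r_v3keys`. It also does not say that the counter is reset on every call, which the added `*r_v3keys = 0;` does and which import() depends on when it accumulates with `+=`. Suggested wording: `* The int at R_V3KEYS is reset on entry and counts the unsupported v3 keyblocks skipped during this call.`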
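Review bot: The new v3 test in read_block reads `pkt->pkt.public_key->version` on the path where parse_packet has just returned GPG_ERR_INV_PACKET, that is, on a packet the parser rejected. Nothing in this hunk shows that `pkt->pkt.public_key` is non-NULL and that `version` has been filled in whenever `pkttype` is PKT_PUBLIC_KEY or PKT_SECRET_KEY on that error path; that depends on where parse_packet sets the type and allocates the key structure, which is outside the hunk. Since this code runs on keyring data supplied for import, a guard such as `&& pkt->pkt.public_key` before the version comparison would make the check independent of that ordering.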
@@ -512,6 +541,14 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ) continue; } + if (in_v3key && !(pkt->pkttype == PKT_PUBLIC_KEY + || pkt->pkttype == PKT_SECRET_KEY)) { + free_packet( pkt ); + init_packet(pkt); + continue; + } + in_v3key = 0; + if( !root && pkt->pkttype == PKT_SIGNATURE && pkt->pkt.signature->sig_class == 0x20 ) { /* this is a revocation certificate which is handled commit 94a54425144e412bc83e44b7c6323282f49f650f Author: Werner Koch Date: Wed Nov 19 10:34:32 2014 +0100 gpg: Fix regression in parse_key. * g10/parse-packet.c (parse): Better return just the gpg_err_code. (parse_key): Return the error code. Signed-off-by: Werner Koch diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 039f085..e0370aa 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -658,7 +658,11 @@ parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos, /* FIXME: Do we leak in case of an error? */ if (!rc && iobuf_error (inp)) rc = G10ERR_INV_KEYRING; - return rc; + + /* FIXME: We use only the error code for now to avoid problems with + callers which have not been checked to always use gpg_err_code() + when comparing error codes. */ + return rc == -1? -1 : gpg_err_code (rc); } @@ -1909,7 +1913,6 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, int i, version, algorithm; unsigned long timestamp, expiredate, max_expiredate; int npkey, nskey; - int rc = 0; u32 keyid[2]; PKT_public_key *pk; 
@@ -2313,7 +2316,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, leave: iobuf_skip_rest (inp, pktlen, 0); - return rc; + return err; } commit 9a85b91e925ac0798d56820353bf5858b212277f Author: Werner Koch Date: Wed Nov 19 10:34:32 2014 +0100 speedo: Add simple logos to the installer. * build-aux/speedo/w32/README.txt: Include GnuPG Readme. * build-aux/speedo/w32/gnupg-logo-150x57.bmp: New. * build-aux/speedo/w32/gnupg-logo-164x314.bmp: New. * build-aux/speedo/w32/inst.nsi: Add logos. * build-aux/speedo.mk ($(bdir)/NEWS.tmp): Extract news items. -- The welcome page logo is basically a placeholder until someone has created a pretty one. diff --git a/artwork/gnupg-lock-256x256tr.png b/artwork/gnupg-lock-256x256tr.png new file mode 100644 index 0000000..25c5659 Binary files /dev/null and b/artwork/gnupg-lock-256x256tr.png differ diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk index f9490cb..005add7 100644 --- a/build-aux/speedo.mk +++ b/build-aux/speedo.mk @@ -1024,16 +1024,20 @@ dist-source: all ) +# Extract the two latest news entries. */ $(bdir)/NEWS.tmp: $(topsrc)/NEWS - sed -e '/^#/d' <$(topsrc)/NEWS >$(bdir)/NEWS.tmp + awk '/^Notewo/ {if(okay>1){exit}; okay++};okay {print $0}' \ + <$(topsrc)/NEWS >$(bdir)/NEWS.tmp -$(bdir)/README.txt: $(bdir)/NEWS.tmp $(w32src)/README.txt \ +$(bdir)/README.txt: $(bdir)/NEWS.tmp $(topsrc)/README $(w32src)/README.txt \ $(w32src)/pkg-copyright.txt sed -e '/^;.*/d;' \ - -e '/!NEWSFILE!/{r NEWS.tmp' -e 'd;}' \ + -e '/!NEWSFILE!/{r $(bdir)/NEWS.tmp' -e 'd;}' \ + -e '/!GNUPGREADME!/{r $(topsrc)/README' -e 'd;}' \ -e '/!PKG-COPYRIGHT!/{r $(w32src)/pkg-copyright.txt' -e 'd;}' \ -e 's,!VERSION!,$(INST_VERSION),g' \ < $(w32src)/README.txt \ + | sed -e '/^#/d' \ | awk '{printf "%s\r\n", $$0}' >$(bdir)/README.txt $(bdir)/g4wihelp.dll: $(w32src)/g4wihelp.c $(w32src)/exdll.h diff --git a/build-aux/speedo/w32/README.txt b/build-aux/speedo/w32/README.txt index 847ecd7..e98fb97 100644 --- a/build-aux/speedo/w32/README.txt 
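Review bot: The added comment `# Extract the two latest news entries. */` in speedo.mk ends with a stray `*/` left over from C comment syntax; in a makefile it should read `# Extract the two latest news entries.`. The awk rule below it depends on every NEWS section heading starting with `Notewo`, which deserves a word in that comment so that a change to the heading format is not missed.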
+++ b/build-aux/speedo/w32/README.txt @@ -1,5 +1,5 @@ ;; README.txt -*- coding: latin-1; -*- -;; This is the README installed with megacryption. Lines with a +;; This is the README installed for Windows. Lines with a ;; semicolon in the first column are considered a comment and not ;; included in the actually installed version. Certain keywords are ;; replaced by the Makefile; those words are enclosed by exclamation @@ -14,27 +14,40 @@ Content: 1. Important notes 2. Changes - 3. Legal notices - - + 3. GnuPG README file + 4. Legal notices 1. Important Notes ================== -HTML versions of the manuals have been installed on the desktop. -Check out https://gnupg.org for latest news. +See https://gnupg.org for latest news. HowTo documents and manuals +can be found there but some have also been installed on your machine. +Developing GnuPG and keeping it in a healthy state is a full time job +for at least two experienced developers. We currently do not have the +financial resources to even fully pay one person. To change that +please consider to donate at https://gnupg.org/donate/ . -2. Record of Changes (NEWS file) -================================ -Below you find the raw NEWS file: +2. Record of Changes +==================== + +This is a list of changes to the GnuPG core for this and the previous +release. !NEWSFILE! -3. Legal notices pertaining to the individual packets +3. GnuPG README file +==================== + +Below is the README file as distributed with the GnuPG source. + +!GNUPGREADME! + + +4. Legal notices pertaining to the individual packets ===================================================== GnuPG for Windows consist of several independent developed packages, 
@@ -42,9 +55,9 @@ available under different license conditions. Most of these packages are however available under the GNU General Public License (GNU GPL). Common to all is that they are free to use without restrictions, may be modified and that modifications may be distributed. If the source -file (i.e. gnupg-src-k.m.n.zip) is distributed along with the binaries -and the use of the GNU GPL has been pointed out, distribution is in -all cases possible. +file (i.e. gnupg-w32-VERSION_DATE.tar.xz) is distributed along with +the installer and the use of the GNU GPL has been pointed out, +distribution is in all cases possible. What follows is a list of copyright statements. diff --git a/build-aux/speedo/w32/gnupg-logo-150x57.bmp b/build-aux/speedo/w32/gnupg-logo-150x57.bmp new file mode 100644 index 0000000..f2978f3 Binary files /dev/null and b/build-aux/speedo/w32/gnupg-logo-150x57.bmp differ diff --git a/build-aux/speedo/w32/gnupg-logo-164x314.bmp b/build-aux/speedo/w32/gnupg-logo-164x314.bmp new file mode 100644 index 0000000..bf270ac Binary files /dev/null and b/build-aux/speedo/w32/gnupg-logo-164x314.bmp differ diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi index 101e6d1..8c64953 100644 --- a/build-aux/speedo/w32/inst.nsi +++ b/build-aux/speedo/w32/inst.nsi @@ -132,11 +132,9 @@ VIAddVersionKey "FileVersion" "${PROD_VERSION}" !define MUI_FINISHPAGE_NOAUTOCLOSE !define MUI_UNFINISHPAGE_NOAUTOCLOSE -#!define MUI_HEADERIMAGE -#!define MUI_HEADERIMAGE_BITMAP \ -# "${TOP_SRCDIR}/doc/logo/gnupg-logo-150x57.bmp" -#!define MUI_WELCOMEFINISHPAGE_BITMAP \ -# "${TOP_SRCDIR}/doc/logo/gnupg-logo-164x314.bmp" +!define MUI_HEADERIMAGE +!define MUI_HEADERIMAGE_BITMAP "${W32_SRCDIR}\gnupg-logo-150x57.bmp" +!define MUI_WELCOMEFINISHPAGE_BITMAP "${W32_SRCDIR}\gnupg-logo-164x314.bmp" # Remember the installer language !define MUI_LANGDLL_REGISTRY_ROOT "HKCU" 
@@ -218,11 +216,10 @@ Var STARTMENU_FOLDER !insertmacro MUI_RESERVEFILE_LANGDLL !insertmacro MUI_RESERVEFILE_INSTALLOPTIONS ReserveFile "${BUILD_DIR}\g4wihelp.dll" -#ReserveFile "${TOP_SRCDIR}\doc\logo\gnupg-logo-400px.bmp" -#ReserveFile "${W32_SRCDIR}\gnupg-splash.wav" +ReserveFile "${W32_SRCDIR}\gnupg-logo-150x57.bmp" +ReserveFile "${W32_SRCDIR}\gnupg-logo-164x314.bmp" ReserveFile "${TOP_SRCDIR}\COPYING" ReserveFile "${W32_SRCDIR}\inst-options.ini" -#ReserveFile "${TOP_SRCDIR}\doc\logo\gnupg-logo-164x314.bmp" # Language support @@ -1019,6 +1016,7 @@ Section "-un.gpgme" Delete "$INSTDIR\bin\libgpgme-glib-11.dll" Delete "$INSTDIR\bin\gpgme-w32spawn.exe" Delete "$INSTDIR\lib\libgpgme.imp" + Delete "$INSTDIR\lib\libgpgme-glib.imp" Delete "$INSTDIR\include\gpgme.h" SectionEnd ----------------------------------------------------------------------- Summary of changes: artwork/gnupg-lock-256x256tr.png | Bin 0 -> 25022 bytes build-aux/speedo.mk | 10 ++-- build-aux/speedo/w32/README.txt | 39 ++++++++++------ build-aux/speedo/w32/gnupg-logo-150x57.bmp | Bin 0 -> 3842 bytes build-aux/speedo/w32/gnupg-logo-164x314.bmp | Bin 0 -> 4182 bytes build-aux/speedo/w32/inst.nsi | 14 +++--- doc/DETAILS | 1 + g10/import.c | 67 +++++++++++++++++++++------ g10/parse-packet.c | 9 ++-- 9 files changed, 98 insertions(+), 42 deletions(-) create mode 100644 artwork/gnupg-lock-256x256tr.png create mode 100644 build-aux/speedo/w32/gnupg-logo-150x57.bmp create mode 100644 build-aux/speedo/w32/gnupg-logo-164x314.bmp hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 21 21:30:03 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 21 Nov 2014 21:30:03 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.1-17-g162c87f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 162c87f069ebeecec4244fdfe56a19c566641356 (commit) via c62ce32b9c01ee9ceb1d69e7344fb79a9162d232 (commit) via 81ce87111f5a3f966188629abb07a4d0702e6db0 (commit) via 5942b0c7e0593b82b4c4a142c214d7a2649de104 (commit) from a9ae0d142864a91d732a8f215e4ccdc791309335 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 162c87f069ebeecec4244fdfe56a19c566641356 Author: Werner Koch Date: Fri Nov 21 21:29:11 2014 +0100 Post release updates -- diff --git a/NEWS b/NEWS index aed5a29..65f0283 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.5.3 (unreleased) [C24/A13/R_] +------------------------------------------------------------- + + Noteworthy changes in version 1.5.2 (2014-11-21) [C24/A13/R1] ------------------------------------------------------------- diff --git a/configure.ac b/configure.ac index 0ffe847..7bef516 100644 --- a/configure.ac +++ b/configure.ac @@ -29,7 +29,7 @@ min_automake_version="1.11" # for the LT versions. m4_define(mym4_version_major, [1]) m4_define(mym4_version_minor, [5]) -m4_define(mym4_version_micro, [2]) +m4_define(mym4_version_micro, [3]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag diff --git a/doc/Makefile.am b/doc/Makefile.am index 19b8c82..2df35b4 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am 
@@ -31,6 +31,6 @@ online: gpgme.html gpgme.pdf echo "Uploading current manuals to www.gnupg.org ..."; \ user=werner ; \ (cd gpgme.html && rsync -vr --exclude='.svn' . \ - $${user}@cvs.gnupg.org:webspace/manuals/gpgme/ ); \ - rsync -v gpgme.pdf $${user}@cvs.gnupg.org:webspace/manuals/ + $${user}@ftp.gnupg.org:webspace/manuals/gpgme/ ); \ + rsync -v gpgme.pdf $${user}@ftp.gnupg.org:webspace/manuals/ commit c62ce32b9c01ee9ceb1d69e7344fb79a9162d232 Author: Werner Koch Date: Fri Nov 21 21:19:26 2014 +0100 Release 1.5.2. * configure.ac: Set LT version to C24/A13/R1. diff --git a/NEWS b/NEWS index af12743..aed5a29 100644 --- a/NEWS +++ b/NEWS @@ -1,8 +1,12 @@ -Noteworthy changes in version 1.5.2 (unreleased) [C__/A__/R_] +Noteworthy changes in version 1.5.2 (2014-11-21) [C24/A13/R1] ------------------------------------------------------------- * gpgme-tool is now installed. + * Fix external listing for modern keyservers. + + * Minor other fixes. + Noteworthy changes in version 1.5.1 (2014-07-30) [C24/A13/R0] ------------------------------------------------------------- diff --git a/configure.ac b/configure.ac index 5cf46f7..0ffe847 100644 --- a/configure.ac +++ b/configure.ac @@ -59,7 +59,7 @@ LIBGPGME_LT_CURRENT=24 # Subtract 2 from this value if you want to make the LFS transition an # ABI break. [Note to self: Remove this comment with the next regular break.] LIBGPGME_LT_AGE=13 -LIBGPGME_LT_REVISION=0 +LIBGPGME_LT_REVISION=1 # If the API is changed in an incompatible way: increment the next counter. GPGME_CONFIG_API_VERSION=1 commit 81ce87111f5a3f966188629abb07a4d0702e6db0 Author: Werner Koch Date: Wed Nov 19 10:34:32 2014 +0100 Update the previous commit * src/sign.c (gpgme_op_sign_result): Reformat and take care of failed malloc. -- Although _gpgme_debug_trace() is current always true, the code should be run always and not just in trace mode. Also added error checking to malloc and strdup. And while at replace some while by for loop for easier readability. 
diff --git a/src/sign.c b/src/sign.c index 034a869..ffbde56 100644 --- a/src/sign.c +++ b/src/sign.c @@ -54,7 +54,8 @@ typedef struct } *op_data_t; -static void release_signatures (gpgme_new_signature_t sig) +static void +release_signatures (gpgme_new_signature_t sig) { while (sig) { @@ -65,6 +66,7 @@ static void release_signatures (gpgme_new_signature_t sig) } } + static void release_op_data (void *hook) { @@ -90,6 +92,10 @@ gpgme_op_sign_result (gpgme_ctx_t ctx) void *hook; op_data_t opd; gpgme_error_t err; + gpgme_invalid_key_t inv_key, key; + gpgme_new_signature_t sig; + unsigned int inv_signers = 0; + unsigned int signatures = 0; TRACE_BEG (DEBUG_CTX, "gpgme_op_sign_result", ctx); 
@@ -101,91 +107,81 @@ gpgme_op_sign_result (gpgme_ctx_t ctx) return NULL; } - if (_gpgme_debug_trace ()) - { - gpgme_invalid_key_t inv_key = opd->result.invalid_signers; - gpgme_new_signature_t sig = opd->result.signatures; - int inv_signers = 0; - int signatures = 0; - - while (inv_key) - { - inv_signers++; - inv_key = inv_key->next; - } - while (sig) - { - signatures++; - sig = sig->next; - } + for (inv_key = opd->result.invalid_signers; inv_key; inv_key = inv_key->next) + inv_signers++; + for (sig = opd->result.signatures; sig; sig = sig->next) + signatures++; - if (gpgme_signers_count (ctx) - && signatures + inv_signers != gpgme_signers_count (ctx)) + if (gpgme_signers_count (ctx) + && signatures + inv_signers != gpgme_signers_count (ctx)) + { + /* In this case at least one signatures was not created perhaps + due to a bad passphrase etc. Thus the entire message is + broken and should not be used. We add the already created + signatures to the invalid signers list and thus this case can + be detected. 
*/ + TRACE_LOG3 ("result: invalid signers: %u, signatures: %u, count: %u", + inv_signers, signatures, gpgme_signers_count (ctx)); + + for (sig = opd->result.signatures; sig; sig = sig->next) { - TRACE_LOG3 ("result: invalid signers: %i, signatures: %i, count: %i", - inv_signers, signatures, gpgme_signers_count (ctx)); - - sig = opd->result.signatures; - while (sig) + key = calloc (1, sizeof *key); + if (!key) + { + TRACE_SUC0 ("out of core; result=(null)"); + return NULL; + } + if (sig->fpr) { - gpgme_invalid_key_t key; - - key = malloc (sizeof (*key)); key->fpr = strdup (sig->fpr); - key->reason = GPG_ERR_GENERAL; - key->next = NULL; - - inv_key = opd->result.invalid_signers; - if (!inv_key) + if (!key->fpr) { - opd->result.invalid_signers = inv_key = key; - sig = sig->next; - continue; + free (key); + TRACE_SUC0 ("out of core; result=(null)"); + return NULL; } - - while (inv_key) - { - if (!inv_key->next) - { - inv_key->next = key; - break; - } - - inv_key = inv_key->next; - } - - sig = sig->next; } + key->reason = GPG_ERR_GENERAL; - release_signatures (opd->result.signatures); - opd->result.signatures = NULL; + inv_key = opd->result.invalid_signers; + if (inv_key) + { + for (; inv_key->next; inv_key = inv_key->next) + ; + inv_key->next = key; + } + else + opd->result.invalid_signers = key; } + release_signatures (opd->result.signatures); + opd->result.signatures = NULL; + } + + if (_gpgme_debug_trace()) + { TRACE_LOG2 ("result: invalid signers: %i, signatures: %i", inv_signers, signatures); - inv_key = opd->result.invalid_signers; - while (inv_key) + for (inv_key=opd->result.invalid_signers; inv_key; inv_key=inv_key->next) { TRACE_LOG3 ("result: invalid signer: fpr=%s, reason=%s <%s>", inv_key->fpr, gpgme_strerror (inv_key->reason), gpgme_strsource (inv_key->reason)); - inv_key = inv_key->next; } - sig = opd->result.signatures; - while (sig) + for (sig = opd->result.signatures; sig; sig = sig->next) { TRACE_LOG6 ("result: signature: type=%i, pubkey_algo=%i, " 
"hash_algo=%i, timestamp=%li, fpr=%s, sig_class=%i", sig->type, sig->pubkey_algo, sig->hash_algo, sig->timestamp, sig->fpr, sig->sig_class); - sig = sig->next; } - } + } TRACE_SUC1 ("result=%p", &opd->result); return &opd->result; } + static gpgme_error_t parse_sig_created (char *args, gpgme_new_signature_t *sigp, commit 5942b0c7e0593b82b4c4a142c214d7a2649de104 Author: Ben Kibbey Date: Sun Nov 9 16:42:54 2014 -0500 Fix returning new signatures when there are none. * src/sign.c (gpgme_op_sign_result): Test that invalid and valid signatures add up to gpgme_signers_count(). -- When invalid and valid signatures do not equal gpgme_signers_count() it means that there was a bad passphrase during signing after the first signer. This leaves the result.signatures from previous signers intact which isn't correct since gpg will report: gpg: number of one-pass packets does not match number of signature packets gpg: can't handle this ambiguous signature data during verify. So when this happens append the valid signatures to the .invalid_signers list with .reason set to GPG_ERR_GENERAL. diff --git a/src/sign.c b/src/sign.c index c55441d..034a869 100644 --- a/src/sign.c +++ b/src/sign.c @@ -54,12 +54,22 @@ typedef struct } *op_data_t; +static void release_signatures (gpgme_new_signature_t sig) +{ + while (sig) + { + gpgme_new_signature_t next = sig->next; + free (sig->fpr); + free (sig); + sig = next; + } +} + static void release_op_data (void *hook) { op_data_t opd = (op_data_t) hook; gpgme_invalid_key_t invalid_signer = opd->result.invalid_signers; - gpgme_new_signature_t sig = opd->result.signatures; while (invalid_signer) { @@ -70,13 +80,7 @@ release_op_data (void *hook) invalid_signer = next; } - while (sig) - { - gpgme_new_signature_t next = sig->next; - free (sig->fpr); - free (sig); - sig = next; - } + release_signatures (opd->result.signatures); } 
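Review bot: When calloc or strdup fails part-way through the new loop in gpgme_op_sign_result, the function returns NULL after earlier iterations have already linked copies into `opd->result.invalid_signers`, while `opd->result.signatures` is still intact. The stored result is then left half converted, and a later call would presumably find the counts still disagreeing and append every signature again. Building the new entries on a local list and splicing it in only after all allocations have succeeded keeps the result unchanged on failure, and avoids re-walking the invalid-signers list for each signature. Separately, the unchanged `TRACE_LOG2 ("result: invalid signers: %i, signatures: %i", ...)` now receives the counters this commit made `unsigned int` and should use `%u`, as the updated TRACE_LOG3 does. The function's declarations are in the preceding hunk.

```c
/* at the top of the count-mismatch block: */
gpgme_invalid_key_t new_keys = NULL;
gpgme_invalid_key_t *tail = &new_keys;

/* … unchanged: explanatory comment and TRACE_LOG3 … */

for (sig = opd->result.signatures; sig; sig = sig->next)
  {
    key = calloc (1, sizeof *key);
    if (key && sig->fpr)
      key->fpr = strdup (sig->fpr);
    if (!key || (sig->fpr && !key->fpr))
      {
        /* Nothing has been linked into opd->result yet; drop the
           partial list and leave the stored result as it was.  */
        free (key);
        while (new_keys)
          {
            key = new_keys->next;
            free (new_keys->fpr);
            free (new_keys);
            new_keys = key;
          }
        TRACE_SUC0 ("out of core; result=(null)");
        return NULL;
      }
    key->reason = GPG_ERR_GENERAL;
    *tail = key;
    tail = &key->next;
  }

/* All copies exist: append them to the existing list in one step.  */
for (tail = &opd->result.invalid_signers; *tail; tail = &(*tail)->next)
  ;
*tail = new_keys;

/* … unchanged: release_signatures and clearing opd->result.signatures … */
```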
@@ -115,6 +119,48 @@ gpgme_op_sign_result (gpgme_ctx_t ctx) sig = sig->next; } + if (gpgme_signers_count (ctx) + && signatures + inv_signers != gpgme_signers_count (ctx)) + { + TRACE_LOG3 ("result: invalid signers: %i, signatures: %i, count: %i", + inv_signers, signatures, gpgme_signers_count (ctx)); + + sig = opd->result.signatures; + while (sig) + { + gpgme_invalid_key_t key; + + key = malloc (sizeof (*key)); + key->fpr = strdup (sig->fpr); + key->reason = GPG_ERR_GENERAL; + key->next = NULL; + + inv_key = opd->result.invalid_signers; + if (!inv_key) + { + opd->result.invalid_signers = inv_key = key; + sig = sig->next; + continue; + } + + while (inv_key) + { + if (!inv_key->next) + { + inv_key->next = key; + break; + } + + inv_key = inv_key->next; + } + + sig = sig->next; + } + + release_signatures (opd->result.signatures); + opd->result.signatures = NULL; + } + TRACE_LOG2 ("result: invalid signers: %i, signatures: %i", inv_signers, signatures); inv_key = opd->result.invalid_signers; ----------------------------------------------------------------------- Summary of changes: NEWS | 10 +++++- configure.ac | 4 +-- doc/Makefile.am | 4 +-- src/sign.c | 104 ++++++++++++++++++++++++++++++++++++++----------------- 4 files changed, 86 insertions(+), 36 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 21 21:37:28 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 21 Nov 2014 21:37:28 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-35-g0bfabe5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 0bfabe579d31742ac006954e38a20b105fe8b8b7 (commit) from 44c9cc18968b3e1d7568ec41ebf28a07285c61bb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0bfabe579d31742ac006954e38a20b105fe8b8b7 Author: Werner Koch Date: Fri Nov 21 21:38:00 2014 +0100 Update NEWS -- diff --git a/NEWS b/NEWS index ae5afc7..df40c2d 100644 --- a/NEWS +++ b/NEWS 
@@ -1,6 +1,28 @@ Noteworthy changes in version 2.1.1 (unreleased) ------------------------------------------------ + * gpg: Detect faulty use of --verify on detached signatures. + + * gpg: New import option "keep-ownertrust". + + * gpg: Fixed regression in --refresh-keys. + + * gpg: Fixed best matching hash algo detection for ECDSA and EdDSA. + + * gpg: Improved perceived speed of secret key listisngs. + + * gpg: Print number of skipped PGP-2 keys on import. + + * gpgconf --kill does not anymore start a service only to kill it. + + * Fixed keyserver access for Windows. + + * Fixed build problems on Mac OS X + + * The Windows installer does now install development files + + * More translations (but most of them are not complete). + Noteworthy changes in version 2.1.0 (2014-11-06) ------------------------------------------------ ----------------------------------------------------------------------- Summary of changes: NEWS | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 24 11:22:53 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 24 Nov 2014 11:22:53 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-39-g0082766 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 0082766aace354e49a23227475e664c515217a8d (commit) via eed16ccebf8fd1fdf9709affbd5c831f6957b8ae (commit) via a3cf781e3bc144aff60e007b9ba59bff7b1b2c9e (commit) via e5697fefbe5f518cfca2579b8d698b7bf98e9335 (commit) from 0bfabe579d31742ac006954e38a20b105fe8b8b7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0082766aace354e49a23227475e664c515217a8d Author: Werner Koch Date: Mon Nov 24 11:23:22 2014 +0100 doc: Update dirmngr.texi -- diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi index 7b2f92c..5f2cfd4 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi 
@@ -24,15 +24,17 @@ @end ifset @mansect description -Dirmngr is a server for managing and downloading certificate revocation -lists (CRLs) for X.509 certificates and for downloading the certificates -themselves. Dirmngr also handles OCSP requests as an alternative to -CRLs. Dirmngr is either invoked internally by gpgsm or when running as a -system daemon through the @command{dirmngr-client} tool. +Since version 2.1 of GnuPG, @command{dirmngr} takes care of accessing +the OpenPGP keyservers. As with previous versions it is also used as +a server for managing and downloading certificate revocation lists +(CRLs) for X.509 certificates, downloading X.509 certificates, and +providing access to OCSP providers. Dirmngr is invoked internally by + at command{gpg}, @command{gpgsm}, or via the @command{gpg-connect-agent} +tool. -If @command{dirmngr} is started in system daemon mode, it uses a -directory layout as common for system daemons and does not make use of -the default @file{~/.gnupg} directory. +For historical reasons it is also possible to start @command{dirmngr} +in a system daemon mode which uses a different directory layout. +However, this mode is deprecated and may eventually be removed. @manpause @@ -78,12 +80,13 @@ abbreviate this command. @opindex server Run in server mode and wait for commands on the @code{stdin}. The default mode is to create a socket and listen for commands there. +This is only used for testing. @item --daemon @opindex daemon Run in background daemon mode and listen for commands on a socket. Note that this also changes the default home directory and enables the -internal certificate validation code. +internal certificate validation code. This mode is deprecated. @item --list-crls @opindex list-crls 
@@ -420,51 +423,63 @@ Dirmngr makes use of several directories when running in daemon mode: @table @file - at item /etc/gnupg -This is where all the configuration files are expected by default. - - at item /etc/gnupg/trusted-certs -This directory should be filled with certificates of Root CAs you are -trusting in checking the CRLS and signing OCSP Reponses. Usually -these are the same certificates you use with the applications making -use of dirmngr. It is expected that each of these certificate files -contain exactly one @acronym{DER} encoded certificate in a file with -the suffix @file{.crt} or @file{.der}. @command{dirmngr} reads those -certificates on startup and when given a SIGHUP. Certificates which -are not readable or do not make up a proper X.509 certificate are -ignored; see the log file for details. + at item ~/.gnupg + at itemx /etc/gnupg +The first is the standard home directory for all configuration files. +In the deprecated system daemon mode the second directory is used instead. + + at item ~/.gnupg/trusted-certs + at itemx /etc/gnupg/trusted-certs +The first directory should be filled with certificates of Root CAs you +are trusting in checking the CRLs and signing OCSP Reponses. The +second directory is used in the deprecated systems daemon mode. + +Usually these are the same certificates you use with the applications +making use of dirmngr. It is expected that each of these certificate +files contain exactly one @acronym{DER} encoded certificate in a file +with the suffix @file{.crt} or @file{.der}. @command{dirmngr} reads +those certificates on startup and when given a SIGHUP. Certificates +which are not readable or do not make up a proper X.509 certificate +are ignored; see the log file for details. Note that for OCSP responses the certificate specified using the option @option{--ocsp-signer} is always considered valid to sign OCSP requests. 
- at item /var/lib/gnupg/extra-certs -This directory may contain extra certificates which are preloaded into -the interal cache on startup. This is convenient in cases you have a -couple intermediate CA certificates or certificates ususally used to -sign OCSP reponses. These certificates are first tried before going out -to the net to look for them. These certificates must also be + at item ~/.gnupg/extra-certs + at itemx /var/lib/gnupg/extra-certs +The first directory may contain extra certificates which are preloaded +into the interal cache on startup.This is convenient in cases you have +a couple intermediate CA certificates or certificates ususally used to +sign OCSP reponses. These certificates are first tried before going +out to the net to look for them. These certificates must also be @acronym{DER} encoded and suffixed with @file{.crt} or @file{.der}. +The second directory is used instead in the deprecated systems daemon +mode. @item /var/run/gnupg -This directory keeps the socket file for accsing @command{dirmngr} services. -The name of the socket file will be @file{S.dirmngr}. Make sure that this -directory has the proper permissions to let @command{dirmngr} create the -socket file and that eligible users may read and write to that socket. - - at item /var/cache/gnupg/crls.d -This directory is used to store cached CRLs. The @file{crls.d} part -will be created by dirmngr if it does not exists but you need to make -sure that the upper directory exists. +This directory is only used in the deprecated system daemon mode. It +keeps the socket file for accessing @command{dirmngr} services. The +name of the socket file will be @file{S.dirmngr}. Make sure that this +directory has the proper permissions to let @command{dirmngr} create +the socket file and that eligible users may read and write to that +socket. + + at item ~/.gnupg/crls.d + at itemx /var/cache/gnupg/crls.d +The first directory is used to store cached CRLs. 
The @file{crls.d} +part will be created by dirmngr if it does not exists but you need to +make sure that the upper directory exists. The second directory is +used instead in the deprecated systems daemon mode. @end table @manpause To be able to see what's going on you should create the configure file - at file{/etc/dirmngr/dirmngr.conf} with at least one line: + at file{~/gnupg/dirmngr.conf} with at least one line: @example -log-file /var/log/gnupg/dirmngr.log +log-file ~/dirmngr.log @end example To be able to perform OCSP requests you probably want to add the line: @@ -473,14 +488,16 @@ To be able to perform OCSP requests you probably want to add the line: allow-ocsp @end example -Now you may start dirmngr as a system daemon using: +To make sure that new options are read and that after the installation +of a new GnuPG versions the installed dirmngr is running, you may want +to kill an existing dirmngr first: @example -dirmngr --daemon +gpgconf --kill dirmngr @end example -Please ignore the output; it is not needed anymore. Check the log file -to see whether all trusted root certificates have been loaded correctly. +You may check the log file to see whether all desired root +certificates have been loaded correctly. @c 
@@ -501,13 +518,21 @@ Here is a list of supported signals: @cpindex SIGHUP This signals flushes all internally cached CRLs as well as any cached certificates. Then the certificate cache is reinitialized as on -startup. Options are re-read from the configuration file. +startup. Options are re-read from the configuration file. Instead of +sending this signal it is better to use + at example +gpgconf --reload dirmngr + at end example @item SIGTERM @cpindex SIGTERM Shuts down the process but waits until all current requests are fulfilled. If the process has received 3 of these signals and requests -are still pending, a shutdown is forced. +are still pending, a shutdown is forced. You may also use + at example +gpgconf --kill dirmngr + at end example +instead of this signal @item SIGINT @cpindex SIGINT 
@@ -529,25 +554,25 @@ This prints some caching statistics to the log file. @node Dirmngr Examples @section Examples - -Dirmngr is supposed to be used as a system wide daemon, it should be -started like: +Here is an example on how to show dirmngr's internal table of OpenPGP +keyserver addresses. The output is intended for debugging purposes +and not part of a defined API. @example - dirmngr --daemon + gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye @end example -This will force it to go into the backround, read the default -certificates (including the trusted root certificates) and listen on a -socket for client requests. It does also print information about the -socket used but they are only for compatibilty reasons with old GnuPG -versions and may be ignored. +To inhibit the use of a particular host you have noticed in one of the +keyserver pools, you may use + + at example + gpg-connect-agent --dirmngr 'keyserver --dead pgpkeys.bnd.de' /bye + at end example -For debugging purposes it is also possible to start Dirmngr in the -foreground: +The description of the @code{keyserver} command can be printed using @example - dirmngr --server -v + gpg-connect-agent --dirmngr 'help keyserver' /bye @end example commit eed16ccebf8fd1fdf9709affbd5c831f6957b8ae Author: Daniel Kahn Gillmor Date: Fri Nov 21 17:04:42 2014 -0500 Distinguish between ARGPARSE_AMBIGUOUS_{OPTION,COMMAND} * common/argparse.c (initialize): Use correct value. -- This avoids a dead path in the argparse code. It's not clear that this is needed, however, since ARGPARSE_AMBIGUOUS_COMMAND is never actually used in the code. Another approach would be to trim out ARGPARSE_AMBIGUOUS_COMMAND entirely. diff --git a/common/argparse.c b/common/argparse.c index 0a36a9e..169e234 100644 --- a/common/argparse.c +++ b/common/argparse.c 
@@ -290,7 +290,7 @@ initialize( ARGPARSE_ARGS *arg, const char *filename, unsigned *lineno ) jnlib_log_error (_("invalid command \"%.50s\"\n"), s); else if ( arg->r_opt == ARGPARSE_AMBIGUOUS_OPTION ) jnlib_log_error (_("option \"%.50s\" is ambiguous\n"), s); - else if ( arg->r_opt == ARGPARSE_AMBIGUOUS_OPTION ) + else if ( arg->r_opt == ARGPARSE_AMBIGUOUS_COMMAND ) jnlib_log_error (_("command \"%.50s\" is ambiguous\n"),s ); else if ( arg->r_opt == ARGPARSE_OUT_OF_CORE ) jnlib_log_error ("%s\n", _("out of core\n")); commit a3cf781e3bc144aff60e007b9ba59bff7b1b2c9e Author: Daniel Kahn Gillmor Date: Fri Nov 21 17:33:01 2014 -0500 gpg: Refer to --throw-keyids instead of --throw-keyid * g10/encrypt.c: adjust error message -- The full option name is --throw-keyids, so we should refer to it consistently. diff --git a/g10/encrypt.c b/g10/encrypt.c index d1ce933..518b544 100644 --- a/g10/encrypt.c +++ b/g10/encrypt.c @@ -872,7 +872,7 @@ write_pubkey_enc_from_list (PK_LIST pk_list, DEK *dek, iobuf_t out) if (opt.throw_keyid && (PGP6 || PGP7 || PGP8)) { log_info(_("you may not use %s while in %s mode\n"), - "--throw-keyid",compliance_option_string()); + "--throw-keyids",compliance_option_string()); compliance_failure(); } commit e5697fefbe5f518cfca2579b8d698b7bf98e9335 Author: Werner Koch Date: Mon Nov 24 09:44:18 2014 +0100 speedo: Distribute installer graphics. -- diff --git a/Makefile.am b/Makefile.am index b462b9f..57529b6 100644 --- a/Makefile.am +++ b/Makefile.am 
@@ -38,6 +38,8 @@ EXTRA_DIST = build-aux/config.rpath build-aux/potomo autogen.sh autogen.rc \ build-aux/speedo/w32/gdk-pixbuf-loaders.cache \ build-aux/speedo/w32/exdll.h \ build-aux/speedo/w32/README.txt \ + build-aux/speedo/w32/gnupg-logo-150x57.bmp \ + build-aux/speedo/w32/gnupg-logo-164x314.bmp \ build-aux/speedo/patches/atk-1.32.0.patch \ build-aux/speedo/patches/libiconv-1.14.patch \ build-aux/speedo/patches/pango-1.29.4.patch ----------------------------------------------------------------------- Summary of changes: Makefile.am | 2 + common/argparse.c | 2 +- doc/dirmngr.texi | 139 +++++++++++++++++++++++++++++++---------------------- g10/encrypt.c | 2 +- 4 files changed, 86 insertions(+), 59 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 24 11:57:07 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 24 Nov 2014 11:57:07 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-40-gb716e6a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b716e6a69919b89c7887d6c7c9b97e58d18fdf95 (commit) from 0082766aace354e49a23227475e664c515217a8d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b716e6a69919b89c7887d6c7c9b97e58d18fdf95 Author: Werner Koch Date: Mon Nov 24 11:56:49 2014 +0100 gpg: Fix batch generation of ECC keys. * g10/keygen.c (get_parameter_algo): Map ECC algorithm strings directly. -- Interactive generation of the keys uses the OpenPGP algorithms numbers but batch generation allows the use of strings. Reported-by: Gaetan Bisson. Signed-off-by: Werner Koch 
diff --git a/g10/keygen.c b/g10/keygen.c index 2610af5..89cc255 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -2826,6 +2826,8 @@ get_parameter_algo( struct para_data_s *para, enum para_name key, if (!r) return -1; + /* Note that we need to handle the ECC algorithms specified as + strings directly because Libgcrypt folds them all to ECC. */ if (!ascii_strcasecmp (r->u.value, "default")) { /* Note: If you change this default algo, remember to change it @@ -2839,6 +2841,12 @@ get_parameter_algo( struct para_data_s *para, enum para_name key, else if (!strcmp (r->u.value, "ELG-E") || !strcmp (r->u.value, "ELG")) i = PUBKEY_ALGO_ELGAMAL_E; + else if (!ascii_strcasecmp (r->u.value, "EdDSA")) + i = PUBKEY_ALGO_EDDSA; + else if (!ascii_strcasecmp (r->u.value, "ECDSA")) + i = PUBKEY_ALGO_ECDSA; + else if (!ascii_strcasecmp (r->u.value, "ECDH")) + i = PUBKEY_ALGO_ECDH; else i = map_pk_gcry_to_openpgp (gcry_pk_map_name (r->u.value)); ----------------------------------------------------------------------- Summary of changes: g10/keygen.c | 8 ++++++++ 1 file changed, 8 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 24 12:32:20 2014 
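Review bot: The three new ECC branches in get_parameter_algo compare with `ascii_strcasecmp`, while the ELG-E/ELG branch directly above them still uses case-sensitive `strcmp`, so algorithm names from a batch parameter file are matched under two different rules within one chain. The added comment about Libgcrypt folding the ECC names sits above the "default" branch in the first hunk rather than next to the branches it explains; I would move it to just before `else if (!ascii_strcasecmp (r->u.value, "EdDSA"))` and say there whether case-insensitive matching is intended. The function starts and ends outside these hunks, so what happens to an unknown name after the `map_pk_gcry_to_openpgp` fallback is not visible here.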
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 24 Nov 2014 12:32:20 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-128-gd53ea84 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via d53ea84bed37b973f7ce59262c50b33700cd8311 (commit) via 1b4210c204a5ef5e631187509e011b8468a134ef (commit) from e6130034506013d6153465a2bedb6fb08a43f74d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d53ea84bed37b973f7ce59262c50b33700cd8311 Author: Werner Koch Date: Mon Nov 24 12:28:33 2014 +0100 Remove duplicated prototypes. * src/gcrypt-int.h (_gcry_mpi_ec_new, _gcry_mpi_ec_set_mpi) (gcry_mpi_ec_set_point): Remove. -- Thos used gpg_error_t instead of gpg_err_code_t and the picky AIX compiler takes this as a severe error. Signed-off-by: Werner Koch diff --git a/src/gcrypt-int.h b/src/gcrypt-int.h index 918937b..29d4fd3 100644 --- a/src/gcrypt-int.h +++ b/src/gcrypt-int.h 
@@ -416,15 +416,10 @@ gcry_mpi_point_t _gcry_mpi_point_set (gcry_mpi_point_t point, gcry_mpi_point_t _gcry_mpi_point_snatch_set (gcry_mpi_point_t point, gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z); -gpg_error_t _gcry_mpi_ec_new (gcry_ctx_t *r_ctx, - gcry_sexp_t keyparam, const char *curvename); + gcry_mpi_t _gcry_mpi_ec_get_mpi (const char *name, gcry_ctx_t ctx, int copy); gcry_mpi_point_t _gcry_mpi_ec_get_point (const char *name, gcry_ctx_t ctx, int copy); -gpg_error_t _gcry_mpi_ec_set_mpi (const char *name, gcry_mpi_t newvalue, - gcry_ctx_t ctx); -gpg_error_t _gcry_mpi_ec_set_point (const char *name, gcry_mpi_point_t newvalue, - gcry_ctx_t ctx); int _gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_point_t point, mpi_ec_t ctx); void _gcry_mpi_ec_dup (gcry_mpi_point_t w, gcry_mpi_point_t u, gcry_ctx_t ctx); commit 1b4210c204a5ef5e631187509e011b8468a134ef Author: Werner Koch Date: Tue Oct 14 21:29:33 2014 +0200 tests: Add a prime mode to benchmark. * tests/benchmark.c (progress_cb): Add a single char mode. (prime_bench): New. (main): Add a "prime" mode. Factor with_progress out to file scope. Signed-off-by: Werner Koch diff --git a/tests/benchmark.c b/tests/benchmark.c index 2621551..5bf92da 100644 --- a/tests/benchmark.c +++ b/tests/benchmark.c @@ -62,6 +62,12 @@ static int in_fips_mode; /* Whether we are running as part of the regression test suite. */ static int in_regression_test; +/* Whether --progress is in use. */ +static int with_progress; + +/* Runtime flag to switch to a different progress output. */ +static int single_char_progress; + static const char sample_private_dsa_key_1024[] = "(private-key\n" 
@@ -429,9 +435,17 @@ progress_cb (void *cb_data, const char *what, int printchar, { (void)cb_data; - fprintf (stderr, PGM ": progress (%s %c %d %d)\n", - what, printchar, current, total); - fflush (stderr); + if (single_char_progress) + { + fputc (printchar, stdout); + fflush (stderr); + } + else + { + fprintf (stderr, PGM ": progress (%s %c %d %d)\n", + what, printchar, current, total); + fflush (stderr); + } } @@ -1544,6 +1558,51 @@ mpi_bench (void) } +static void +prime_bench (void) +{ + gpg_error_t err; + int i; + gcry_mpi_t prime; + int old_prog = single_char_progress; + + single_char_progress = 1; + if (!with_progress) + printf ("%-10s", "prime"); + fflush (stdout); + start_timer (); + for (i=0; i < 10; i++) + { + if (with_progress) + fputs ("primegen ", stdout); + err = gcry_prime_generate (&prime, + 1024, 0, + NULL, + NULL, NULL, + GCRY_WEAK_RANDOM, + GCRY_PRIME_FLAG_SECRET); + if (with_progress) + { + fputc ('\n', stdout); + fflush (stdout); + } + if (err) + { + fprintf (stderr, PGM ": error creating prime: %s\n", + gpg_strerror (err)); + exit (1); + } + gcry_mpi_release (prime); + } + stop_timer (); + if (with_progress) + printf ("%-10s", "prime"); + printf (" %s\n", elapsed_time ()); fflush (stdout); + + single_char_progress = old_prog; +} + + int main( int argc, char **argv ) { @@ -1551,7 +1610,6 @@ main( int argc, char **argv ) int no_blinding = 0; int use_random_daemon = 0; int use_secmem = 0; - int with_progress = 0; int debug = 0; int pk_count = 100; @@ -1582,7 +1640,7 @@ main( int argc, char **argv ) else if (!strcmp (*argv, "--help")) { fputs ("usage: benchmark " - "[md|mac|cipher|random|mpi|rsa|dsa|ecc [algonames]]\n", + "[md|mac|cipher|random|mpi|rsa|dsa|ecc|prime [algonames]]\n", stdout); exit (0); } 
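Review bot: In the new `single_char_progress` branch of progress_cb the character is written to stdout but the stream that gets flushed is stderr, so the progress character can sit in the stdout buffer; the second statement should be `fflush (stdout);`. The else branch writes to and flushes stderr, which is consistent. prime_bench in the following hunk prints its "primegen " prefix and the closing newline to stdout, so stdout looks like the intended stream for this mode.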
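Review bot: prime_bench has no header comment, and its parameters (ten rounds, 1024 bits, `GCRY_WEAK_RANDOM` combined with `GCRY_PRIME_FLAG_SECRET`) are bare literals in the call. A short comment above the function, for example `/* Time ten 1024 bit prime generations. Uses weak random, so the figures say nothing about real key generation. */`, would keep readers from treating the timing as representative of key generation with a stronger random level. The statement `printf (" %s\n", elapsed_time ()); fflush (stdout);` also puts two statements on one line, unlike the rest of the function.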
@@ -1833,6 +1891,11 @@ main( int argc, char **argv ) gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); ecc_bench (pk_count, 1); } + else if ( !strcmp (*argv, "prime")) + { + gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); + prime_bench (); + } else { fprintf (stderr, PGM ": bad arguments\n"); ----------------------------------------------------------------------- Summary of changes: src/gcrypt-int.h | 7 +---- tests/benchmark.c | 73 +++++++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 69 insertions(+), 11 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 24 18:07:25 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 24 Nov 2014 18:07:25 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-42-g596ae9f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 596ae9f5433ca3b0e01f7acbe06fd2e424c42ae8 (commit) via 0988764397f99db4efef1eabcdb8072d6159af76 (commit) from b716e6a69919b89c7887d6c7c9b97e58d18fdf95 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 596ae9f5433ca3b0e01f7acbe06fd2e424c42ae8 Author: Werner Koch Date: Mon Nov 24 18:05:45 2014 +0100 gpg: Fix use of uninit.value in listing sig subpkts. * g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket sanitized. -- We may not use "%s" to print an arbitrary buffer. At least "%.*s" should have been used. However, it is in general preferable to escape control characters while printf user data. Reported-by: Hanno B?ck Signed-off-by: Werner Koch diff --git a/g10/parse-packet.c b/g10/parse-packet.c index f75e21c..58cb1c4 100644 --- a/g10/parse-packet.c 
+++ b/g10/parse-packet.c @@ -1151,7 +1151,11 @@ dump_sig_subpkt (int hashed, int type, int critical, if (!length) p = "[invalid regexp subpacket]"; else - es_fprintf (listfp, "regular expression: \"%s\"", buffer); + { + es_fprintf (listfp, "regular expression: \""); + es_write_sanitized (listfp, buffer, length, "\"", NULL); + p = "\""; + } break; case SIGSUBPKT_REVOCABLE: if (length) commit 0988764397f99db4efef1eabcdb8072d6159af76 Author: Werner Koch Date: Mon Nov 24 17:28:25 2014 +0100 gpg: Fix off-by-one read in the attribute subpacket parser. * g10/parse-packet.c (parse_attribute_subpkts): Check that the attribute packet is large enough for the subpacket type. -- Reported-by: Hanno B?ck Signed-off-by: Werner Koch diff --git a/g10/parse-packet.c b/g10/parse-packet.c index e0370aa..f75e21c 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -2359,8 +2359,16 @@ parse_attribute_subpkts (PKT_user_id * uid) if (buflen < n) goto too_short; - attribs = - xrealloc (attribs, (count + 1) * sizeof (struct user_attribute)); + if (!n) + { + /* Too short to encode the subpacket type. */ + if (opt.verbose) + log_info ("attribute subpacket too short\n"); + break; + } + + attribs = xrealloc (attribs, + (count + 1) * sizeof (struct user_attribute)); memset (&attribs[count], 0, sizeof (struct user_attribute)); type = *buffer; ----------------------------------------------------------------------- Summary of changes: g10/parse-packet.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 24 19:26:59 2014 
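Review bot: The reason for the sanitized print in the SIGSUBPKT_REGEXP case of dump_sig_subpkt is recorded only in the commit message, so nothing at the call site stops a later cleanup from folding the three statements back into a single `"%s"` format. I would add a comment inside the new block such as `/* BUFFER is untrusted packet data of LENGTH bytes and need not be NUL terminated; never print it with "%s". */`. The same comment fits the `print_string` variant in the STABLE-BRANCH-2-0 and STABLE-BRANCH-1-4 backports. The function body continues outside the hunk.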
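Review bot: The new `if (!n)` branch in parse_attribute_subpkts leaves the loop with `break` and reports the malformed subpacket only when `opt.verbose` is set, whereas the length check directly above it uses `goto too_short`. A zero-length attribute subpacket is therefore handled more quietly than a truncated one. If the difference is intended, a comment saying why would help; otherwise `goto too_short;` would keep both malformed-input paths identical. The `too_short` label and the rest of the loop are outside the hunk, so what that path logs or returns cannot be confirmed from here. The same applies to the STABLE-BRANCH-2-0 and STABLE-BRANCH-1-4 backports of this commit.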
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 24 Nov 2014 19:26:59 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.26-20-g1f9dfe1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 1f9dfe1fedad215140011257d9b1bb21bc368179 (commit) via 7a068ac50bc48de26e93cfeadf412b37257f97d5 (commit) via 92a7949ae6331b5e188480b76ce29a86ede6e89e (commit) from a1c861ed380548ccd2819d3f6506ebbad9246561 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1f9dfe1fedad215140011257d9b1bb21bc368179 Author: Werner Koch Date: Mon Nov 24 19:24:47 2014 +0100 gpg: Fix use of uninit.value in listing sig subpkts. * g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket sanitized. -- We may not use "%s" to print an arbitrary buffer. At least "%.*s" should have been used. However, it is in general preferable to escape control characters while printf user data. Reported-by: Hanno B?ck Signed-off-by: Werner Koch (backported from commit 596ae9f5433ca3b0e01f7acbe06fd2e424c42ae8) diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 99ff7b7..63b97f0 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c 
@@ -972,7 +972,11 @@ dump_sig_subpkt( int hashed, int type, int critical, if(!length) p="[invalid regexp subpacket]"; else - fprintf (listfp, "regular expression: \"%s\"",buffer); + { + fprintf (listfp, "regular expression: \""); + print_string (listfp, buffer, length, '\"'); + p = "\""; + } break; case SIGSUBPKT_REVOCABLE: if( length ) commit 7a068ac50bc48de26e93cfeadf412b37257f97d5 Author: Werner Koch Date: Mon Nov 24 19:12:37 2014 +0100 gpg: Fix off-by-one read in the attribute subpacket parser. * g10/parse-packet.c (parse_attribute_subpkts): Check that the attribute packet is large enough for the subpacket type. -- Reported-by: Hanno B?ck Signed-off-by: Werner Koch (backported from commit 0988764397f99db4efef1eabcdb8072d6159af76) diff --git a/g10/parse-packet.c b/g10/parse-packet.c index f1d7f71..99ff7b7 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -2102,6 +2102,14 @@ parse_attribute_subpkts(PKT_user_id *uid) if( buflen < n ) goto too_short; + if (!n) + { + /* Too short to encode the subpacket type. */ + if (opt.verbose) + log_info ("attribute subpacket too short\n"); + break; + } + attribs=xrealloc(attribs,(count+1)*sizeof(struct user_attribute)); memset(&attribs[count],0,sizeof(struct user_attribute)); commit 92a7949ae6331b5e188480b76ce29a86ede6e89e Author: Werner Koch Date: Mon Nov 24 18:19:31 2014 +0100 gpg: Fix a NULL-deref for invalid input data. * g10/mainproc.c (proc_encrypted): Take care of canceled passpharse entry. -- GnuPG-bug-id: 1761 Signed-off-by: Werner Koch (backported from commit 32e85668b82f6fbcb824eea9548970804fb41d9e) diff --git a/g10/mainproc.c b/g10/mainproc.c index 3abcb15..6288030 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -520,7 +520,9 @@ proc_encrypted( CTX c, PACKET *pkt ) result = -1; else if( !c->dek && !c->last_was_session_key ) { int algo; - STRING2KEY s2kbuf, *s2k = NULL; + STRING2KEY s2kbuf; + STRING2KEY *s2k = NULL; + int canceled; if(opt.override_session_key) { 
@@ -562,9 +564,13 @@ proc_encrypted( CTX c, PACKET *pkt ) log_info (_("assuming %s encrypted data\n"), "IDEA"); } - c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 3, NULL, NULL ); + c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 3, NULL,&canceled); if (c->dek) c->dek->algo_info_printed = 1; + else if (canceled) + result = gpg_error (GPG_ERR_CANCELED); + else + result = gpg_error (GPG_ERR_INV_PASSPHRASE); } } else if( !c->dek ) @@ -585,7 +591,7 @@ proc_encrypted( CTX c, PACKET *pkt ) else if(!opt.no_mdc_warn) log_info (_("WARNING: message was not integrity protected\n")); } - else if( result == G10ERR_BAD_SIGN ) { + else if( gpg_err_code (result) == G10ERR_BAD_SIGN ) { log_error(_("WARNING: encrypted message has been manipulated!\n")); write_status( STATUS_BADMDC ); write_status( STATUS_DECRYPTION_FAILED ); ----------------------------------------------------------------------- Summary of changes: g10/mainproc.c | 12 +++++++++--- g10/parse-packet.c | 14 +++++++++++++- 2 files changed, 22 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 24 19:41:37 2014 
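Review bot: `canceled` is declared without an initializer in the previous hunk and is read by the new `else if (canceled)` whenever `passphrase_to_dek` returns NULL. Unless that function stores to the out-parameter on every failure path, the branch reads an indeterminate value and the choice between the canceled and bad-passphrase results becomes arbitrary. passphrase_to_dek is not visible here, so declaring `int canceled = 0;` would be the safe form. The STABLE-BRANCH-1-4 backport of this commit has the same declaration. proc_encrypted starts and ends outside these hunks.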
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 24 Nov 2014 19:41:37 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.18-18-g2d35968 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via 2d359681f08999686734421228cb69893d8a0060 (commit) via 2b4809406b6536cbb67a2282bf855710b8454dc2 (commit) via 69767ccf4218d0dc5ef2d7e141be0f14c88fea59 (commit) from fbb50867f81d790c4bf819dcadcd14be6c3f957b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2d359681f08999686734421228cb69893d8a0060 Author: Werner Koch Date: Mon Nov 24 19:41:46 2014 +0100 gpg: Fix use of uninit.value in listing sig subpkts. * g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket sanitized. -- We may not use "%s" to print an arbitrary buffer. At least "%.*s" should have been used. However, it is in general preferable to escape control characters while printf user data. Reported-by: Hanno B?ck Signed-off-by: Werner Koch (backported from commit 596ae9f5433ca3b0e01f7acbe06fd2e424c42ae8) diff --git a/g10/parse-packet.c b/g10/parse-packet.c index db1702f..01600e4 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c 
@@ -892,13 +892,18 @@ dump_sig_subpkt( int hashed, int type, int critical, if(length!=2) p="[invalid trust subpacket]"; else - fprintf (listfp, "trust signature of depth %d, value %d",buffer[0],buffer[1]); + fprintf (listfp, "trust signature of depth %d, value %d", + buffer[0],buffer[1]); break; case SIGSUBPKT_REGEXP: if(!length) p="[invalid regexp subpacket]"; else - fprintf (listfp, "regular expression: \"%s\"",buffer); + { + fprintf (listfp, "regular expression: \""); + print_string (listfp, buffer, length, '\"'); + p = "\""; + } break; case SIGSUBPKT_REVOCABLE: if( length ) commit 2b4809406b6536cbb67a2282bf855710b8454dc2 Author: Werner Koch Date: Mon Nov 24 19:38:04 2014 +0100 gpg: Fix off-by-one read in the attribute subpacket parser. * g10/parse-packet.c (parse_attribute_subpkts): Check that the attribute packet is large enough for the subpacket type. -- Reported-by: Hanno B?ck Signed-off-by: Werner Koch (backported from commit 0988764397f99db4efef1eabcdb8072d6159af76) diff --git a/g10/parse-packet.c b/g10/parse-packet.c index dcda8ef..db1702f 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -2026,6 +2026,14 @@ parse_attribute_subpkts(PKT_user_id *uid) if( buflen < n ) goto too_short; + if (!n) + { + /* Too short to encode the subpacket type. */ + if (opt.verbose) + log_info ("attribute subpacket too short\n"); + break; + } + attribs=xrealloc(attribs,(count+1)*sizeof(struct user_attribute)); memset(&attribs[count],0,sizeof(struct user_attribute)); commit 69767ccf4218d0dc5ef2d7e141be0f14c88fea59 Author: Werner Koch Date: Mon Nov 24 19:32:47 2014 +0100 gpg: Fix a NULL-deref for invalid input data. * g10/mainproc.c (proc_encrypted): Take care of canceled passpharse entry. -- GnuPG-bug-id: 1761 Signed-off-by: Werner Koch (backported from commit 32e85668b82f6fbcb824eea9548970804fb41d9e) diff --git a/g10/mainproc.c b/g10/mainproc.c index d355a21..15baefe 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c 
@@ -540,7 +540,9 @@ proc_encrypted( CTX c, PACKET *pkt ) result = -1; else if( !c->dek && !c->last_was_session_key ) { int algo; - STRING2KEY s2kbuf, *s2k = NULL; + STRING2KEY s2kbuf; + STRING2KEY *s2k = NULL; + int canceled; if(opt.override_session_key) { @@ -580,9 +582,13 @@ proc_encrypted( CTX c, PACKET *pkt ) log_info (_("assuming %s encrypted data\n"), "IDEA"); } - c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 0, NULL, NULL ); + c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 0, NULL,&canceled); if (c->dek) c->dek->algo_info_printed = 1; + else if (canceled) + result = G10ERR_CANCELED; + else + result = G10ERR_PASSPHRASE; } } else if( !c->dek ) ----------------------------------------------------------------------- Summary of changes: g10/mainproc.c | 10 ++++++++-- g10/parse-packet.c | 17 +++++++++++++++-- 2 files changed, 23 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 24 20:01:22 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 24 Nov 2014 20:01:22 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.18-19-gc935c73 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via c935c73f8262dcce7d5ac823ba4a6a2f563cc3eb (commit) from 2d359681f08999686734421228cb69893d8a0060 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c935c73f8262dcce7d5ac823ba4a6a2f563cc3eb Author: Werner Koch Date: Mon Nov 24 20:01:45 2014 +0100 doc: Do not install gnupg.7 -- GnuPG-bug-id: 1770 diff --git a/doc/Makefile.am b/doc/Makefile.am index 9fd9f6b..4294f83 100644 --- a/doc/Makefile.am 
+++ b/doc/Makefile.am @@ -28,7 +28,10 @@ myman_pages = gpg.1 gpgv.1 info_TEXINFOS = gnupg1.texi -man_MANS = $(myman_pages) gnupg.7 gpg-zip.1 +# We do not install gnupg.7 because 2.1 does it also be default. This +# is the more future proof way of handling it. +man_MANS = $(myman_pages) gpg-zip.1 +noinst_man_MANS = gnupg.7 gnupg1_TEXINFOS = gnupg1.texi ----------------------------------------------------------------------- Summary of changes: doc/Makefile.am | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 24 20:15:09 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 24 Nov 2014 20:15:09 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-43-g28dafd4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 28dafd4714a9b01d3a6f1e6e5919bf6f909987c7 (commit) from 596ae9f5433ca3b0e01f7acbe06fd2e424c42ae8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 28dafd4714a9b01d3a6f1e6e5919bf6f909987c7 Author: Werner Koch Date: Mon Nov 24 20:12:38 2014 +0100 build: Require libgpg-error 1.16. -- 1.15 has a bug which will lead to a segv when sending keys. Better updated the requirements to avoid bug reports. diff --git a/configure.ac b/configure.ac index f59c117..95711cb 100644 --- a/configure.ac +++ b/configure.ac 
@@ -49,7 +49,7 @@ m4_define([mym4_revision_dec], m4_argn(8, mym4_verslist)) m4_esyscmd([echo ]mym4_version[>VERSION]) AC_INIT([mym4_package],[mym4_version], [http://bugs.gnupg.org]) -NEED_GPG_ERROR_VERSION=1.15 +NEED_GPG_ERROR_VERSION=1.16 NEED_LIBGCRYPT_API=1 NEED_LIBGCRYPT_VERSION=1.6.0 ----------------------------------------------------------------------- Summary of changes: configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 25 12:43:53 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 25 Nov 2014 12:43:53 +0100 Subject: [git] KSBA - branch, master, updated. libksba-1.3.1-7-g4ecabc4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "KSBA is a library to access X.509 certificates and CMS data.". The branch, master has been updated via 4ecabc4eb0684f5decb240dc3ac7c797a07b5cb7 (commit) via 02079b56b8d0d922bb84981270fafbc36637b417 (commit) via 00ef765bc1aff709e990f9fd984e25aa8e09f482 (commit) via 86570994c43f193912b1c2e8f71ae24c72ccfaf8 (commit) via f715b9e156dfa99ae829fc694e5a0abd23ef97d7 (commit) from 6692de1398629061d405099bb22e9480475928af (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4ecabc4eb0684f5decb240dc3ac7c797a07b5cb7 Author: Werner Koch Date: Tue Nov 25 12:43:43 2014 +0100 Post release updates -- diff --git a/NEWS b/NEWS index fad8554..bf0c43b 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.3.3 (unreleased) [C19/A11/R_] +------------------------------------------------ + + Noteworthy changes in version 1.3.2 (2014-11-25) [C19/A11/R3] ------------------------------------------------ 
diff --git a/configure.ac b/configure.ac index 1ca825b..cc3637e 100644 --- a/configure.ac +++ b/configure.ac @@ -30,7 +30,7 @@ min_automake_version="1.10" m4_define([mym4_package],[libksba]) m4_define([mym4_major], [1]) m4_define([mym4_minor], [3]) -m4_define([mym4_micro], [2]) +m4_define([mym4_micro], [3]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a commit 02079b56b8d0d922bb84981270fafbc36637b417 Author: Werner Koch Date: Tue Nov 25 12:31:40 2014 +0100 Release 1.3.2. * configure.ac: Set LT version to C19/A11/R3. diff --git a/.gitignore b/.gitignore index a345612..f7ecb30 100644 --- a/.gitignore +++ b/.gitignore @@ -25,3 +25,4 @@ /doc/ksba.info /tests/Makefile.in /src/asn1-parse.c +/VERSION diff --git a/NEWS b/NEWS index 7929dd4..fad8554 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,8 @@ -Noteworthy changes in version 1.3.2 (unreleased) +Noteworthy changes in version 1.3.2 (2014-11-25) [C19/A11/R3] ------------------------------------------------ + * Fixed a buffer overflow in ksba_oid_to_str. + Noteworthy changes in version 1.3.1 (2014-09-18) ------------------------------------------------ diff --git a/configure.ac b/configure.ac index 283b9a9..1ca825b 100644 --- a/configure.ac +++ b/configure.ac @@ -52,7 +52,7 @@ AC_INIT([mym4_package],[mym4_version], [http://bugs.gnupg.org]) # Please remember to document interface changes in the NEWS file. LIBKSBA_LT_CURRENT=19 LIBKSBA_LT_AGE=11 -LIBKSBA_LT_REVISION=2 +LIBKSBA_LT_REVISION=3 #------------------- # If the API is changed in an incompatible way: increment the next counter. KSBA_CONFIG_API_VERSION=1 commit 00ef765bc1aff709e990f9fd984e25aa8e09f482 Author: Werner Koch Date: Tue Nov 25 12:24:47 2014 +0100 build: Update version number magic. * autogen.sh: Update from gnupg master. * configure.ac: Change for new init style. Create VERSION. * Makefile.am (dist-hook): Do no create VERSION 
diff --git a/Makefile.am b/Makefile.am index c797e4f..1dc647d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -41,7 +41,6 @@ endif SUBDIRS = m4 gl src ${tests} doc dist-hook: gen-ChangeLog - @set -e; echo "$(VERSION)" > $(distdir)/VERSION gen_start_date = 2011-12-01T00:00:00 diff --git a/autogen.sh b/autogen.sh index ea3d5fc..7effd56 100755 --- a/autogen.sh +++ b/autogen.sh @@ -15,7 +15,7 @@ # configure it for the respective package. It is maintained as part of # GnuPG and source copied by other packages. # -# Version: 2014-01-10 +# Version: 2014-06-06 configure_ac="configure.ac" @@ -41,7 +41,7 @@ fatal () { info () { if [ -z "${SILENT}" ]; then - echo "autogen.sh:" "$*" + echo "autogen.sh:" "$*" >&2 fi } @@ -70,8 +70,11 @@ MSGMERGE=${GETTEXT_PREFIX}${MSGMERGE:-msgmerge}${GETTEXT_SUFFIX} DIE=no FORCE= SILENT= +PRINT_HOST=no +PRINT_BUILD=no tmp=$(dirname "$0") tsdir=$(cd "${tmp}"; pwd) +version_parts=3 if [ -n "${AUTOGEN_SH_SILENT}" ]; then SILENT=" --silent" @@ -88,6 +91,14 @@ if test x"$1" = x"--force"; then FORCE=" --force" shift fi +if test x"$1" = x"--print-host"; then + PRINT_HOST=yes + shift +fi +if test x"$1" = x"--print-build"; then + PRINT_BUILD=yes + shift +fi # Reject unsafe characters in $HOME, $tsdir and cwd. We consider spaces @@ -133,6 +144,11 @@ amd64_toolprefixes= myhost="" myhostsub="" case "$1" in + --find-version) + myhost="find-version" + SILENT=" --silent" + shift + ;; --build-w32) myhost="w32" shift 
@@ -172,16 +188,74 @@ if [ -f "$HOME/.gnupg-autogen.rc" ]; then . "$HOME/.gnupg-autogen.rc" fi + +# **** FIND VERSION **** +# This is a helper for the configure.ac M4 magic +# Called +# ./autogen.sh --find-version PACKAGE MAJOR MINOR [MICRO] +# returns a complete version string with automatic beta numbering. +if [ "$myhost" = "find-version" ]; then + package="$1" + major="$2" + minor="$3" + micro="$4" + + case "$version_parts" in + 2) + matchstr1="$package-$major.[0-9]*" + matchstr2="$package-$major-base" + vers="$major.$minor" + ;; + *) + matchstr1="$package-$major.$minor.[0-9]*" + matchstr2="$package-$major.$minor-base" + vers="$major.$minor.$micro" + ;; + esac + + beta=no + if [ -d .git ]; then + ingit=yes + tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null) + if [ -n "$tmp" ]; then + tmp=$(echo "$tmp"|awk -F- '$3!=0 && $3 !~ /^beta/ {print"-beta"$3}') + else + tmp=$(git describe --match "${matchstr2}" --long 2>/dev/null \ + | awk -F- '$4!=0{print"-beta"$4}') + fi + [ -n "$tmp" ] && beta=yes + rev=$(git rev-parse --short HEAD | tr -d '\n\r') + rvd=$((0x$(echo ${rev} | head -c 4))) + else + ingit=no + beta=yes + tmp="-unknown" + rev="0000000" + rvd="0" + fi + + echo "$package-$vers$tmp:$beta:$ingit:$vers$tmp:$vers:$tmp:$rev:$rvd:" + exit 0 +fi +# **** end FIND VERSION **** + + +if [ ! -f "$tsdir/build-aux/config.guess" ]; then + fatal "$tsdir/build-aux/config.guess not found" + exit 1 +fi +build=`$tsdir/build-aux/config.guess` +if [ $PRINT_BUILD = yes ]; then + echo "$build" + exit 0 +fi + + + # ****************** # W32 build script # ****************** if [ "$myhost" = "w32" ]; then - if [ ! -f "$tsdir/build-aux/config.guess" ]; then - fatal "$tsdir/build-aux/config.guess not found" - exit 1 - fi - build=`$tsdir/build-aux/config.guess` - case $myhostsub in ce) w32root="$w32ce_root" 
@@ -189,6 +263,12 @@ if [ "$myhost" = "w32" ]; then toolprefixes="$w32ce_toolprefixes arm-mingw32ce" extraoptions="$extraoptions $w32ce_extraoptions" ;; + 64) + w32root="$w64root" + [ -z "$w32root" ] && w32root="$HOME/w64root" + toolprefixes="$w64_toolprefixes x86_64-w64-mingw32" + extraoptions="$extraoptions $w64_extraoptions" + ;; *) [ -z "$w32root" ] && w32root="$HOME/w32root" toolprefixes="$w32_toolprefixes i686-w64-mingw32 i586-mingw32msvc" @@ -216,6 +296,10 @@ if [ "$myhost" = "w32" ]; then fi die_p fi + if [ $PRINT_HOST = yes ]; then + echo "$host" + exit 0 + fi if [ -f "$tsdir/config.log" ]; then if ! head $tsdir/config.log | grep "$host" >/dev/null; then @@ -226,7 +310,7 @@ if [ "$myhost" = "w32" ]; then $tsdir/configure --enable-maintainer-mode ${SILENT} \ --prefix=${w32root} \ - --host=${host} --build=${build} \ + --host=${host} --build=${build} SYSROOT=${w32root} \ ${configure_opts} ${extraoptions} "$@" rc=$? exit $rc @@ -236,13 +320,6 @@ fi # ***** AMD64 cross build script ******* # Used to cross-compile for AMD64 (for testing) if [ "$myhost" = "amd64" ]; then - shift - if [ ! -f $tsdir/build-aux/config.guess ]; then - echo "$tsdir/build-aux/config.guess not found" >&2 - exit 1 - fi - build=`$tsdir/build-aux/config.guess` - [ -z "$amd64root" ] && amd64root="$HOME/amd64root" info "Using $amd64root as standard install directory" replace_sysroot @@ -263,6 +340,10 @@ if [ "$myhost" = "amd64" ]; then echo "Stop." >&2 exit 1 fi + if [ $PRINT_HOST = yes ]; then + echo "$host" + exit 0 + fi if [ -f "$tsdir/config.log" ]; then if ! head $tsdir/config.log | grep "$host" >/dev/null; then diff --git a/configure.ac b/configure.ac index 85311aa..283b9a9 100644 --- a/configure.ac +++ b/configure.ac 
@@ -27,23 +27,23 @@ min_automake_version="1.10" # bump the version number immediately after the release and do another # commit and push so that the git magic is able to work. See below # for the LT versions. -m4_define(mym4_version, [1.3.2]) - -# Below is m4 magic to extract and compute the revision number, the -# decimalized short revision number, a beta version string, and a flag -# indicating a development version (mym4_isgit). Note that the m4 -# processing is done by autoconf and not during the configure run. -m4_define([mym4_revision], - m4_esyscmd([git rev-parse --short HEAD | tr -d '\n\r'])) -m4_define([mym4_revision_dec], - m4_esyscmd_s([echo $((0x$(echo ]mym4_revision[|head -c 4)))])) -m4_define([mym4_betastring], - m4_esyscmd_s([git describe --match 'libksba-[0-9].*[0-9]' --long|\ - awk -F- '$3!=0{print"-beta"$3}'])) -m4_define([mym4_isgit],m4_if(mym4_betastring,[],[no],[yes])) -m4_define([mym4_full_version],[mym4_version[]mym4_betastring]) - -AC_INIT([libksba],[mym4_full_version],[http://bugs.gnupg.org]) +m4_define([mym4_package],[libksba]) +m4_define([mym4_major], [1]) +m4_define([mym4_minor], [3]) +m4_define([mym4_micro], [2]) + +# Below is m4 magic to extract and compute the git revision number, +# the decimalized short revision number, a beta version string and a +# flag indicating a development version (mym4_isbeta). Note that the +# m4 processing is done by autoconf and not during the configure run. +m4_define([mym4_verslist], m4_split(m4_esyscmd([./autogen.sh --find-version] \ + mym4_package mym4_major mym4_minor mym4_micro),[:])) +m4_define([mym4_isbeta], m4_argn(2, mym4_verslist)) +m4_define([mym4_version], m4_argn(4, mym4_verslist)) +m4_define([mym4_revision], m4_argn(7, mym4_verslist)) +m4_define([mym4_revision_dec], m4_argn(8, mym4_verslist)) +m4_esyscmd([echo ]mym4_version[>VERSION]) +AC_INIT([mym4_package],[mym4_version], [http://bugs.gnupg.org]) # LT Version numbers: Remember to change them just *before* a release. 
# (Interfaces removed: CURRENT++, AGE=0, REVISION=0) commit 86570994c43f193912b1c2e8f71ae24c72ccfaf8 Author: Werner Koch Date: Tue Nov 25 12:23:18 2014 +0100 build: Update gpg-error.m4 and libgcrypt.m4 -- diff --git a/m4/gpg-error.m4 b/m4/gpg-error.m4 index 35cbc78..1661204 100644 --- a/m4/gpg-error.m4 +++ b/m4/gpg-error.m4 @@ -1,5 +1,5 @@ # gpg-error.m4 - autoconf macro to detect libgpg-error. -# Copyright (C) 2002, 2003, 2004, 2011 g10 Code GmbH +# Copyright (C) 2002, 2003, 2004, 2011, 2014 g10 Code GmbH # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without 
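Review bot: The output of `m4_esyscmd([./autogen.sh --find-version] ...)` is used without any check, so if the script is missing, not executable, or autoconf is run from a directory other than the source root, `mym4_version` would expand to nothing. `AC_INIT` then gets an empty version, and `m4_esyscmd([echo ]mym4_version[>VERSION])` still writes a VERSION file. A guard placed after the `mym4_version` definition, for example `m4_if(mym4_version,[],[m4_fatal([autogen.sh --find-version returned no version])])`, would stop the run instead. I would also add a comment above the `mym4_verslist` definition saying that autoconf executes `./autogen.sh` from the current directory and writes `VERSION` as a side effect, since both matter to anyone auditing what the build runs.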
@@ -8,38 +8,64 @@ # This file is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# +# Last-changed: 2014-10-02 + dnl AM_PATH_GPG_ERROR([MINIMUM-VERSION, dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) -dnl Test for libgpg-error and define GPG_ERROR_CFLAGS and GPG_ERROR_LIBS +dnl +dnl Test for libgpg-error and define GPG_ERROR_CFLAGS, GPG_ERROR_LIBS, +dnl GPG_ERROR_MT_CFLAGS, and GPG_ERROR_MT_LIBS. The _MT_ variants are +dnl used for programs requireing real multi thread support. +dnl +dnl If a prefix option is not used, the config script is first +dnl searched in $SYSROOT/bin and then along $PATH. If the used +dnl config script does not match the host specification the script +dnl is added to the gpg_config_script_warn variable. dnl AC_DEFUN([AM_PATH_GPG_ERROR], [ AC_REQUIRE([AC_CANONICAL_HOST]) + gpg_error_config_prefix="" dnl --with-libgpg-error-prefix=PFX is the preferred name for this option, dnl since that is consistent with how our three siblings use the directory/ dnl package name in --with-$dir_name-prefix=PFX. AC_ARG_WITH(libgpg-error-prefix, - AC_HELP_STRING([--with-libgpg-error-prefix=PFX], - [prefix where GPG Error is installed (optional)]), - gpg_error_config_prefix="$withval", gpg_error_config_prefix="") + AC_HELP_STRING([--with-libgpg-error-prefix=PFX], + [prefix where GPG Error is installed (optional)]), + [gpg_error_config_prefix="$withval"]) dnl Accept --with-gpg-error-prefix and make it work the same as dnl --with-libgpg-error-prefix above, for backwards compatibility, dnl but do not document this old, inconsistently-named option. 
AC_ARG_WITH(gpg-error-prefix,, - gpg_error_config_prefix="$withval", gpg_error_config_prefix="") + [gpg_error_config_prefix="$withval"]) - if test x$gpg_error_config_prefix != x ; then - if test x${GPG_ERROR_CONFIG+set} != xset ; then - GPG_ERROR_CONFIG=$gpg_error_config_prefix/bin/gpg-error-config + if test x"${GPG_ERROR_CONFIG}" = x ; then + if test x"${gpg_error_config_prefix}" != x ; then + GPG_ERROR_CONFIG="${gpg_error_config_prefix}/bin/gpg-error-config" + else + case "${SYSROOT}" in + /*) + if test -x "${SYSROOT}/bin/gpg-error-config" ; then + GPG_ERROR_CONFIG="${SYSROOT}/bin/gpg-error-config" + fi + ;; + '') + ;; + *) + AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.]) + ;; + esac fi fi - AC_PATH_TOOL(GPG_ERROR_CONFIG, gpg-error-config, no) + AC_PATH_PROG(GPG_ERROR_CONFIG, gpg-error-config, no) min_gpg_error_version=ifelse([$1], ,0.0,$1) AC_MSG_CHECKING(for GPG Error - version >= $min_gpg_error_version) ok=no - if test "$GPG_ERROR_CONFIG" != "no" ; then + if test "$GPG_ERROR_CONFIG" != "no" \ + && test -f "$GPG_ERROR_CONFIG" ; then req_major=`echo $min_gpg_error_version | \ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` req_minor=`echo $min_gpg_error_version | \ @@ -62,6 +88,8 @@ AC_DEFUN([AM_PATH_GPG_ERROR], if test $ok = yes; then GPG_ERROR_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --cflags` GPG_ERROR_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --libs` + GPG_ERROR_MT_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --mt --cflags 2>/dev/null` + GPG_ERROR_MT_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --mt --libs 2>/dev/null` AC_MSG_RESULT([yes ($gpg_error_config_version)]) ifelse([$2], , :, [$2]) gpg_error_config_host=`$GPG_ERROR_CONFIG $gpg_error_config_args --host 2>/dev/null || echo none` 
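Review bot: The new header comment gives the lookup order as prefix option, then `$SYSROOT/bin`, then `$PATH`, but the code lets an already set `GPG_ERROR_CONFIG` win over all three (`if test x"${GPG_ERROR_CONFIG}" = x`), and that precedence is not documented. I would add a line such as `dnl A non-empty GPG_ERROR_CONFIG in the environment overrides the prefix option and $SYSROOT.` Because configure executes whichever script is selected and takes compiler and linker flags from its output, the comment should also say that `$SYSROOT/bin` has to be a trusted location. The same two remarks apply to `LIBGCRYPT_CONFIG` in the m4/libgcrypt.m4 hunk of this commit. The body of AM_PATH_GPG_ERROR continues past the end of this hunk.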
@@ -73,16 +101,21 @@ AC_DEFUN([AM_PATH_GPG_ERROR], *** built for $gpg_error_config_host and thus may not match the *** used host $host. *** You may want to use the configure option --with-gpg-error-prefix -*** to specify a matching config script. +*** to specify a matching config script or use \$SYSROOT. ***]]) + gpg_config_script_warn="$gpg_config_script_warn libgpg-error" fi fi else GPG_ERROR_CFLAGS="" GPG_ERROR_LIBS="" + GPG_ERROR_MT_CFLAGS="" + GPG_ERROR_MT_LIBS="" AC_MSG_RESULT(no) ifelse([$3], , :, [$3]) fi AC_SUBST(GPG_ERROR_CFLAGS) AC_SUBST(GPG_ERROR_LIBS) + AC_SUBST(GPG_ERROR_MT_CFLAGS) + AC_SUBST(GPG_ERROR_MT_LIBS) ]) diff --git a/m4/libgcrypt.m4 b/m4/libgcrypt.m4 index 6cf482f..c67cfec 100644 --- a/m4/libgcrypt.m4 +++ b/m4/libgcrypt.m4 @@ -1,13 +1,15 @@ -dnl Autoconf macros for libgcrypt -dnl Copyright (C) 2002, 2004, 2011 Free Software Foundation, Inc. -dnl -dnl This file is free software; as a special exception the author gives -dnl unlimited permission to copy and/or distribute it, with or without -dnl modifications, as long as this notice is preserved. -dnl -dnl This file is distributed in the hope that it will be useful, but -dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the -dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# libgcrypt.m4 - Autoconf macros to detect libgcrypt +# Copyright (C) 2002, 2003, 2004, 2011, 2014 g10 Code GmbH +# +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the +# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# +# Last-changed: 2014-10-02 dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION, 
@@ -20,19 +22,37 @@ dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using dnl this features allows to prevent build against newer versions of libgcrypt dnl with a changed API. dnl +dnl If a prefix option is not used, the config script is first +dnl searched in $SYSROOT/bin and then along $PATH. If the used +dnl config script does not match the host specification the script +dnl is added to the gpg_config_script_warn variable. +dnl AC_DEFUN([AM_PATH_LIBGCRYPT], [ AC_REQUIRE([AC_CANONICAL_HOST]) AC_ARG_WITH(libgcrypt-prefix, AC_HELP_STRING([--with-libgcrypt-prefix=PFX], [prefix where LIBGCRYPT is installed (optional)]), libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="") - if test x$libgcrypt_config_prefix != x ; then - if test x${LIBGCRYPT_CONFIG+set} != xset ; then - LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config + if test x"${LIBGCRYPT_CONFIG}" = x ; then + if test x"${libgcrypt_config_prefix}" != x ; then + LIBGCRYPT_CONFIG="${libgcrypt_config_prefix}/bin/libgcrypt-config" + else + case "${SYSROOT}" in + /*) + if test -x "${SYSROOT}/bin/libgcrypt-config" ; then + LIBGCRYPT_CONFIG="${SYSROOT}/bin/libgcrypt-config" + fi + ;; + '') + ;; + *) + AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.]) + ;; + esac fi fi - AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, no) + AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no) tmp=ifelse([$1], ,1:1.2.0,$1) if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` 
@@ -108,8 +128,9 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], *** built for $libgcrypt_config_host and thus may not match the *** used host $host. *** You may want to use the configure option --with-libgcrypt-prefix -*** to specify a matching config script. +*** to specify a matching config script or use \$SYSROOT. ***]]) + gpg_config_script_warn="$gpg_config_script_warn libgcrypt" fi fi else commit f715b9e156dfa99ae829fc694e5a0abd23ef97d7 Author: Werner Koch Date: Tue Nov 25 11:47:28 2014 +0100 Fix buffer overflow in ksba_oid_to_str. * src/oid.c (ksba_oid_to_str): Fix unsigned underflow. * tests/Makefile.am (noinst_PROGRAMS): Move t-oid to .. (TESTS): here. * tests/t-oid.c (test_oid_to_str): New. (main): Run the new tests by default. The former functionality requires the use of one of the new options. -- The code has an obvious error by not considering invalid encoding for arc-2. A first byte of 0x80 can be used to make a value of less then 80 and we then subtract 80 from that value as required by the OID encoding rules. Due to the unsigned integer this results in a pretty long value which won't fit anymore into the allocated buffer. The fix is obvious. Also added a few simple test cases. Note that we keep on using sprintf instead of snprintf because managing the remaining length of the buffer would probably be more error prone than assuring that the buffer is large enough. Getting rid of sprintf altogether by using direct conversion along with membuf_t like code might be possible. Reported-by: Hanno B?ck Signed-off-by: Werner Koch diff --git a/src/oid.c b/src/oid.c index d98f740..9061a4a 100644 --- a/src/oid.c +++ b/src/oid.c @@ -94,6 +94,8 @@ ksba_oid_to_str (const char *buffer, size_t length) val <<= 7; val |= buf[n] & 0x7f; } + if (val < 80) + goto badoid; val -= 80; sprintf (p, "2.%lu", val); p += strlen (p); diff --git a/tests/Makefile.am b/tests/Makefile.am index bb32172..759b626 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am 
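Review bot: The new `val < 80` test in `ksba_oid_to_str` runs after the accumulation steps `val <<= 7; val |= buf[n] & 0x7f;`, which have no overflow guard in the lines shown, so an arc with enough continuation bytes can wrap `val` before it is compared. A wrapped value may pass the test and be printed as a wrong but plausible arc instead of reaching `badoid`. Adding `if (val > (ULONG_MAX >> 7)) goto badoid;` ahead of the shift (assuming `val` is `unsigned long`, as the `%lu` format suggests) would reject such input. The loop header and the `badoid` label are outside this hunk, so this needs checking against the full function. The same remark applies to `openpgp_oid_to_str` in common/openpgp-oid.c, which received the identical fix.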
@@ -39,13 +39,13 @@ EXTRA_DIST = $(test_certs) samples/README mkoidtbl.awk BUILT_SOURCES = oidtranstbl.h CLEANFILES = oidtranstbl.h -TESTS = cert-basic t-crl-parser t-dnparser +TESTS = cert-basic t-crl-parser t-dnparser t-oid AM_CFLAGS = $(GPG_ERROR_CFLAGS) AM_LDFLAGS = -no-install noinst_HEADERS = t-common.h -noinst_PROGRAMS = $(TESTS) t-cms-parser t-crl-parser t-dnparser t-ocsp t-oid +noinst_PROGRAMS = $(TESTS) t-cms-parser t-crl-parser t-dnparser t-ocsp LDADD = ../src/libksba.la $(GPG_ERROR_LIBS) t_ocsp_SOURCES = t-ocsp.c sha1.c diff --git a/tests/t-dnparser.c b/tests/t-dnparser.c index c8d4b0d..ef4ab5d 100644 --- a/tests/t-dnparser.c +++ b/tests/t-dnparser.c @@ -143,7 +143,7 @@ main (int argc, char **argv) if (!feof (stdin)) fail ("read error or input too large"); - fail ("no yet implemented"); + fail ("not yet implemented"); } else if (argc == 2 && !strcmp (argv[1], "--to-der") ) diff --git a/tests/t-oid.c b/tests/t-oid.c index 95fc7f5..be68d52 100644 --- a/tests/t-oid.c +++ b/tests/t-oid.c @@ -27,6 +27,9 @@ #include "../src/ksba.h" +#define PGM "t-oid" +#define BADOID "1.3.6.1.4.1.11591.2.12242973" + static void * read_into_buffer (FILE *fp, size_t *r_length) 
@@ -68,23 +71,104 @@ read_into_buffer (FILE *fp, size_t *r_length) } +static void +test_oid_to_str (void) +{ + struct { + unsigned int binlen; + unsigned char *bin; + char *str; + } tests[] = { + + { 7, "\x02\x82\x06\x01\x0A\x0C\x00", + "0.2.262.1.10.12.0" + }, + { 7, "\x02\x82\x06\x01\x0A\x0C\x01", + "0.2.262.1.10.12.1" + }, + { 7, "\x2A\x86\x48\xCE\x38\x04\x01", + "1.2.840.10040.4.1" + }, + { 7, "\x2A\x86\x48\xCE\x38\x04\x03", + "1.2.840.10040.4.3" + }, + { 10, "\x2B\x06\x01\x04\x01\xDA\x47\x02\x01\x01", + "1.3.6.1.4.1.11591.2.1.1" + }, + { 3, "\x55\x1D\x0E", + "2.5.29.14" + }, + { 9, "\x80\x02\x70\x50\x25\x46\xfd\x0c\xc0", + BADOID + }, + { 1, "\x80", + BADOID + }, + { 2, "\x81\x00", + "2.48" + }, + { 2, "\x81\x01", + "2.49" + }, + { 2, "\x81\x7f", + "2.175" + }, + { 2, "\x81\x80", /* legal encoding? */ + "2.48" + }, + { 2, "\x81\x81\x01", /* legal encoding? */ + "2.49" + }, + { 0, "", + "" + }, + + { 0, NULL, NULL } + }; + int tidx; + char *str; + + for (tidx=0; tests[tidx].bin; tidx++) + { + str = ksba_oid_to_str (tests[tidx].bin, tests[tidx].binlen); + if (!str) + { + perror ("ksba_oid_to_str failed"); + exit (1); + } + if (strcmp (tests[tidx].str, str)) + { + fprintf (stderr, "ksba_oid_to_str test %d failed\n", tidx); + fprintf (stderr, " got=%s\n", str); + fprintf (stderr, " want=%s\n", tests[tidx].str); + exit (1); + } + } +} + int main (int argc, char **argv) { gpg_error_t err; + if (argc) { argc--; argv++; } - if (argc) + + if (!argc) + { + test_oid_to_str (); + } + else if (!strcmp (*argv, "--from-str")) { unsigned char *buffer; size_t n, buflen; - for ( ;argc ; argc--, argv++) + for (argv++,argc-- ; argc; argc--, argv++) { err = ksba_oid_from_str (*argv, &buffer, &buflen); if (err) 
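Review bot: The table entry `{ 2, "\x81\x81\x01", "2.49" }` in `test_oid_to_str` declares a length of 2 for a three-byte literal, so the last byte is never passed to `ksba_oid_to_str`. What the case actually pins is that an arc whose final byte still has the continuation bit set is expected to yield `2.49`. Either set the length to 3 and adjust the expected string, or drop the trailing byte and replace `/* legal encoding? */` with a comment stating that the input is a truncated arc and whether accepting it is intended (expect BADOID if it is not). The string returned by `ksba_oid_to_str` is also never released inside the loop; a `free (str);` at the end of each iteration, as the `--to-str` branch of this file does for `result`, keeps the test clean under leak checkers. `main` continues past the end of this hunk.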
@@ -100,18 +184,25 @@ main (int argc, char **argv) free (buffer); } } - else + else if (!strcmp (*argv, "--to-str")) { char *buffer; size_t buflen; char *result; + argv++;argc--; + buffer = read_into_buffer (stdin, &buflen); result = ksba_oid_to_str (buffer, buflen); free (buffer); printf ("%s\n", result? result:"[malloc failed]"); free (result); } + else + { + fputs ("usage: "PGM" [--from-str|--to-str]\n", stderr); + return 1; + } return 0; } ----------------------------------------------------------------------- Summary of changes: .gitignore | 1 + Makefile.am | 1 - NEWS | 8 +++- autogen.sh | 113 ++++++++++++++++++++++++++++++++++++++++++++-------- configure.ac | 36 ++++++++--------- m4/gpg-error.m4 | 57 ++++++++++++++++++++------ m4/libgcrypt.m4 | 51 +++++++++++++++++------- src/oid.c | 2 + tests/Makefile.am | 4 +- tests/t-dnparser.c | 2 +- tests/t-oid.c | 97 ++++++++++++++++++++++++++++++++++++++++++-- 11 files changed, 303 insertions(+), 69 deletions(-) hooks/post-receive -- KSBA is a library to access X.509 certificates and CMS data. http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 25 12:47:06 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 25 Nov 2014 12:47:06 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-44-g8445ef2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8445ef24fc31e1fe0291e17f90f9f06b536e34da (commit) from 28dafd4714a9b01d3a6f1e6e5919bf6f909987c7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8445ef24fc31e1fe0291e17f90f9f06b536e34da Author: Werner Koch Date: Tue Nov 25 11:58:56 2014 +0100 Fix buffer overflow in openpgp_oid_to_str. * common/openpgp-oid.c (openpgp_oid_to_str): Fix unsigned underflow. * common/t-openpgp-oid.c (BADOID): New. (test_openpgp_oid_to_str): Add test cases. -- The code has an obvious error by not considering invalid encoding for arc-2. A first byte of 0x80 can be used to make a value of less then 80 and we then subtract 80 from that value as required by the OID encoding rules. Due to the unsigned integer this results in a pretty long value which won't fit anymore into the allocated buffer. The fix is obvious. Also added a few simple test cases. Note that we keep on using sprintf instead of snprintf because managing the remaining length of the buffer would probably be more error prone than assuring that the buffer is large enough. Getting rid of sprintf altogether by using direct conversion along with membuf_t like code might be possible. Reported-by: Hanno B?ck Signed-off-by: Werner Koch Ported from libksba commit f715b9e156dfa99ae829fc694e5a0abd23ef97d7 diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c index 010c23f..d3d1f2a 100644 --- a/common/openpgp-oid.c +++ b/common/openpgp-oid.c 
@@ -236,6 +236,8 @@ openpgp_oid_to_str (gcry_mpi_t a) val <<= 7; val |= buf[n] & 0x7f; } + if (val < 80) + goto badoid; val -= 80; sprintf (p, "2.%lu", val); p += strlen (p); diff --git a/common/t-openpgp-oid.c b/common/t-openpgp-oid.c index 79e5a70..5cd778d 100644 --- a/common/t-openpgp-oid.c +++ b/common/t-openpgp-oid.c @@ -32,6 +32,9 @@ } while(0) +#define BADOID "1.3.6.1.4.1.11591.2.12242973" + + static void test_openpgp_oid_from_str (void) { @@ -108,6 +111,12 @@ test_openpgp_oid_to_str (void) { "1.3.132.0.35", { 5, 0x2B, 0x81, 0x04, 0x00, 0x23 }}, + { BADOID, + { 9, 0x80, 0x02, 0x70, 0x50, 0x25, 0x46, 0xfd, 0x0c, 0xc0 }}, + + { BADOID, + { 1, 0x80 }}, + { NULL }}; gcry_mpi_t a; int idx; ----------------------------------------------------------------------- Summary of changes: common/openpgp-oid.c | 2 ++ common/t-openpgp-oid.c | 9 +++++++++ 2 files changed, 11 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 26 10:20:30 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 26 Nov 2014 10:20:30 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-45-g1c21403 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 1c2140346d6ef9c35e303099d2d15be57869b4d5 (commit) from 8445ef24fc31e1fe0291e17f90f9f06b536e34da (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1c2140346d6ef9c35e303099d2d15be57869b4d5 Author: Werner Koch Date: Wed Nov 26 10:21:01 2014 +0100 gpg: Change a bug() call to a regular error message. * g10/decrypt-data.c (decrypt_data): Return an error code instead of calling BUG(). -- This code path can be triggered by fuzzing gpg and thus with some likeness also by corrupt messages for other reasons. diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c index 9c6ae73..03d38c9 100644 --- a/g10/decrypt-data.c +++ b/g10/decrypt-data.c @@ -130,7 +130,12 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek) log_fatal ("unsupported blocksize %u\n", blocksize ); nprefix = blocksize; if ( ed->len && ed->len < (nprefix+2) ) - BUG(); + { + /* An invalid message. We can't check that during parsing + because we may not know the used cipher then. */ + rc = gpg_error (GPG_ERR_INV_PACKET); + goto leave; + } if ( ed->mdc_method ) { ----------------------------------------------------------------------- Summary of changes: g10/decrypt-data.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 26 11:27:22 2014 
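Review bot: The new branch in `decrypt_data` sets `rc = gpg_error (GPG_ERR_INV_PACKET)` and jumps to `leave` without emitting any diagnostic, although the commit title speaks of a regular error message. Unless the caller reports the code (not visible here), a truncated or corrupt message now fails with no hint that the encrypted packet was shorter than the cipher prefix. A `log_error` call before the `goto`, naming the packet length and the required `nprefix+2`, would make such input easier to triage. The check is still skipped when `ed->len` is zero, so a comment on what a zero length means here and where a short body is caught in that case would help the next reader. `decrypt_data` and the `leave` label extend beyond this hunk.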
From: cvs at cvs.gnupg.org (by Мирослав Николић) Date: Wed, 26 Nov 2014 11:27:22 +0100 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.17-8-g210126d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 210126d38096e764dd3a82da45f8b5f66309ecd5 (commit) from 40c6c7e857bb7fce2abbd0c5d3e6dd66446cb435 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 210126d38096e764dd3a82da45f8b5f66309ecd5 Author: ???????? ??????? Date: Wed Nov 26 11:25:39 2014 +0100 po: Add Serbian translation. diff --git a/po/LINGUAS b/po/LINGUAS index 9b1b405..13c2a36 100644 --- a/po/LINGUAS +++ b/po/LINGUAS @@ -9,6 +9,7 @@ ja nl pl ro +sr sv uk vi diff --git a/po/sr.po b/po/sr.po new file mode 100644 index 0000000..4a5c9d5 --- /dev/null +++ b/po/sr.po 
@@ -0,0 +1,798 @@ +# Serbian translation for libgpg-error. +# Copyright (C) 2014 Free Software Foundation, Inc. +# This file is distributed under the same license as the libgpg-error package. +# ???????? ??????? , 2014. +msgid "" +msgstr "" +"Project-Id-Version: libgpg-error-1.7\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" +"PO-Revision-Date: 2014-11-03 11:42+0200\n" +"Last-Translator: ???????? ??????? \n" +"Language-Team: Serbian <(nothing)>\n" +"Language: sr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +msgid "Unspecified source" +msgstr "?????????? ?????" + +msgid "gcrypt" +msgstr "??????" + +msgid "GnuPG" +msgstr "?????" + +msgid "GpgSM" +msgstr "?????" + +msgid "GPG Agent" +msgstr "??? ?????" + +msgid "Pinentry" +msgstr "???? ????" + +msgid "SCD" +msgstr "???" + +msgid "GPGME" +msgstr "?????" + +msgid "Keybox" +msgstr "???? ?????" + +msgid "KSBA" +msgstr "????" + +msgid "Dirmngr" +msgstr "???????? ?????????????" + +msgid "GSTI" +msgstr "????" + +msgid "GPA" +msgstr "???" + +msgid "Kleopatra" +msgstr "?????????" + +msgid "Any source" +msgstr "???? ???? ?????" + +msgid "User defined source 1" +msgstr "1. ?????????? ?????" + +msgid "User defined source 2" +msgstr "2. ?????????? ?????" + +msgid "User defined source 3" +msgstr "3. ?????????? ?????" + +msgid "User defined source 4" +msgstr "4. ?????????? ?????" + +msgid "Unknown source" +msgstr "???????? ?????" + +msgid "Success" +msgstr "???????" + +msgid "General error" +msgstr "????? ??????" + +msgid "Unknown packet" +msgstr "???????? ?????" + +msgid "Unknown version in packet" +msgstr "????????? ?????? ? ??????" + +msgid "Invalid public key algorithm" +msgstr "?????????? ????????? ?????? ?????" + +msgid "Invalid digest algorithm" +msgstr "???????? ????????? ??????????" + +msgid "Bad public key" +msgstr "??? ????? 
????" + +msgid "Bad secret key" +msgstr "??? ????? ????" + +msgid "Bad signature" +msgstr "??? ??????" + +msgid "No public key" +msgstr "???? ?????? ?????" + +msgid "Checksum error" +msgstr "?????? ??????? ????" + +msgid "Bad passphrase" +msgstr "???? ???????? ???" + +msgid "Invalid cipher algorithm" +msgstr "?????????? ????????? ?????????" + +msgid "Keyring open" +msgstr "???????? ??????? ?? ???????" + +msgid "Invalid packet" +msgstr "?????????? ?????" + +msgid "Invalid armor" +msgstr "?????????? ????" + +msgid "No user ID" +msgstr "???? ??-? ?????????" + +msgid "No secret key" +msgstr "???? ?????? ?????" + +msgid "Wrong secret key used" +msgstr "???????? ?? ???????? ????? ????" + +msgid "Bad session key" +msgstr "??? ???? ??????" + +msgid "Unknown compression algorithm" +msgstr "???????? ????????? ????????" + +msgid "Number is not prime" +msgstr "???? ???? ?????" + +msgid "Invalid encoding method" +msgstr "?????????? ????? ????????" + +msgid "Invalid encryption scheme" +msgstr "?????????? ???? ?????????" + +msgid "Invalid signature scheme" +msgstr "?????????? ???? ???????" + +msgid "Invalid attribute" +msgstr "?????????? ???????" + +msgid "No value" +msgstr "???? ?????????" + +msgid "Not found" +msgstr "????? ????????" + +msgid "Value not found" +msgstr "????? ???????? ????????" + +msgid "Syntax error" +msgstr "????????? ??????" + +msgid "Bad MPI value" +msgstr "???? ??? ????????" + +msgid "Invalid passphrase" +msgstr "?????????? ???????? ???" + +msgid "Invalid signature class" +msgstr "?????????? ?????? ???????" + +msgid "Resources exhausted" +msgstr "????????? ?? ?????????" + +msgid "Invalid keyring" +msgstr "?????????? ?????? ?????" + +msgid "Trust DB error" +msgstr "?????? ???????? ??-?" + +msgid "Bad certificate" +msgstr "??? ???????" + +msgid "Invalid user ID" +msgstr "?????????? ??-? ?????????" + +msgid "Unexpected error" +msgstr "??????????? ??????" + +msgid "Time conflict" +msgstr "????? ???????" + +msgid "Keyserver error" +msgstr "?????? ??????? ?????" 
+ +msgid "Wrong public key algorithm" +msgstr "???????? ????????? ?????? ?????" + +msgid "Tribute to D. A." +msgstr "? ???? ?. ?." + +msgid "Weak encryption key" +msgstr "???? ???? ?????????" + +msgid "Invalid key length" +msgstr "?????????? ?????? ?????" + +msgid "Invalid argument" +msgstr "?????????? ????????" + +msgid "Syntax error in URI" +msgstr "?????? ?????? ? ??????" + +msgid "Invalid URI" +msgstr "?????????? ??????" + +msgid "Network error" +msgstr "?????? ?????" + +msgid "Unknown host" +msgstr "???????? ???????" + +msgid "Selftest failed" +msgstr "????????? ???? ??????" + +msgid "Data not encrypted" +msgstr "?????? ???? ?????????" + +msgid "Data not processed" +msgstr "?????? ???? ????????" + +msgid "Unusable public key" +msgstr "???????????? ????? ????" + +msgid "Unusable secret key" +msgstr "???????????? ????? ????" + +msgid "Invalid value" +msgstr "?????????? ????????" + +msgid "Bad certificate chain" +msgstr "??? ????? ???????" + +msgid "Missing certificate" +msgstr "????????? ???????" + +msgid "No data" +msgstr "???? ????????" + +msgid "Bug" +msgstr "??????" + +msgid "Not supported" +msgstr "???? ????????" + +msgid "Invalid operation code" +msgstr "?????????? ????? ?????" + +msgid "Timeout" +msgstr "????? ?? ???????" + +msgid "Internal error" +msgstr "????????? ??????" + +msgid "EOF (gcrypt)" +msgstr "??? (gcrypt)" + +msgid "Invalid object" +msgstr "?????????? ???????" + +msgid "Provided object is too short" +msgstr "?????????? ??????? ?? ?????????" + +msgid "Provided object is too large" +msgstr "?????????? ??????? ?? ??????" + +msgid "Missing item in object" +msgstr "????????? ?????? ? ????????" + +msgid "Not implemented" +msgstr "???? ?????????" + +msgid "Conflicting use" +msgstr "???????? ????????" + +msgid "Invalid cipher mode" +msgstr "?????????? ??? ???????" + +msgid "Invalid flag" +msgstr "?????????? ??????" + +msgid "Invalid handle" +msgstr "?????????? ?????" + +msgid "Result truncated" +msgstr "???????? ?? ???????" 
+ +msgid "Incomplete line" +msgstr "???????? ???" + +msgid "Invalid response" +msgstr "?????????? ???????" + +msgid "No agent running" +msgstr "???? ?????????? ??????" + +msgid "agent error" +msgstr "?????? ??????" + +msgid "Invalid data" +msgstr "?????????? ??????" + +msgid "Unspecific Assuan server fault" +msgstr "???????? ??????? ????? ???????" + +msgid "General Assuan error" +msgstr "????? ?????? ??????" + +msgid "Invalid session key" +msgstr "?????????? ???? ??????" + +msgid "Invalid S-expression" +msgstr "?????????? ?-?????" + +msgid "Unsupported algorithm" +msgstr "?????????? ?????????" + +msgid "No pinentry" +msgstr "???? ????? ????" + +msgid "pinentry error" +msgstr "?????? ????? ????" + +msgid "Bad PIN" +msgstr "??? ???" + +msgid "Invalid name" +msgstr "?????????? ?????" + +msgid "Bad data" +msgstr "???? ??????" + +msgid "Invalid parameter" +msgstr "?????????? ?????????" + +msgid "Wrong card" +msgstr "???? ???????" + +msgid "No dirmngr" +msgstr "???? ????????? ??????????????" + +msgid "dirmngr error" +msgstr "?????? ????????? ??????????????" + +msgid "Certificate revoked" +msgstr "??????? ?? ????????" + +msgid "No CRL known" +msgstr "???? ???????? ???-?" + +msgid "CRL too old" +msgstr "??? ?? ???????" + +msgid "Line too long" +msgstr "??? ?? ??????" + +msgid "Not trusted" +msgstr "???? ?? ????????" + +msgid "Operation cancelled" +msgstr "????? ?? ????????" + +msgid "Bad CA certificate" +msgstr "???? ??????? ????????" + +msgid "Certificate expired" +msgstr "??????? ?? ???????" + +msgid "Certificate too young" +msgstr "??????? ?? ??????? ????" + +msgid "Unsupported certificate" +msgstr "?????????? ???????" + +msgid "Unknown S-expression" +msgstr "???????? ?-?????" + +msgid "Unsupported protection" +msgstr "?????????? ???????" + +msgid "Corrupted protection" +msgstr "???????? ???????" + +msgid "Ambiguous name" +msgstr "??????? ?????" + +msgid "Card error" +msgstr "?????? ???????" + +msgid "Card reset required" +msgstr "???????? ?? ??????? ?????????? ???????" 
+ +msgid "Card removed" +msgstr "??????? ?? ????????" + +msgid "Invalid card" +msgstr "?????????? ???????" + +msgid "Card not present" +msgstr "??????? ???? ????????" + +msgid "No PKCS15 application" +msgstr "???? ????15 ????????" + +msgid "Not confirmed" +msgstr "???? ?????????" + +msgid "Configuration error" +msgstr "?????? ??????????" + +msgid "No policy match" +msgstr "???? ???????????? ????????" + +msgid "Invalid index" +msgstr "?????????? ??????" + +msgid "Invalid ID" +msgstr "?????????? ??" + +msgid "No SmartCard daemon" +msgstr "???? ????????? ??????? ???????" + +msgid "SmartCard daemon error" +msgstr "?????? ????????? ??????? ???????" + +msgid "Unsupported protocol" +msgstr "????????? ????????" + +msgid "Bad PIN method" +msgstr "??? ????? ???-?" + +msgid "Card not initialized" +msgstr "??????? ???? ?????????" + +msgid "Unsupported operation" +msgstr "?????????? ?????" + +msgid "Wrong key usage" +msgstr "???????? ???????? ?????" + +msgid "Nothing found" +msgstr "????? ????? ?????" + +msgid "Wrong blob type" +msgstr "???????? ????? ????-?" + +msgid "Missing value" +msgstr "????????? ????????" + +msgid "Hardware problem" +msgstr "?????????? ???????" + +msgid "PIN blocked" +msgstr "??? ?? ????????" + +msgid "Conditions of use not satisfied" +msgstr "?????? ????????? ???? ??????????" + +msgid "PINs are not synced" +msgstr "???-??? ???? ??????????" + +msgid "Invalid CRL" +msgstr "?????????? ???" + +msgid "BER error" +msgstr "?????? ???-?" + +msgid "Invalid BER" +msgstr "?????????? ???" + +msgid "Element not found" +msgstr "????? ???????? ???????" + +msgid "Identifier not found" +msgstr "????? ???????? ?????????" + +msgid "Invalid tag" +msgstr "?????????? ??????" + +msgid "Invalid length" +msgstr "?????????? ??????" + +msgid "Invalid key info" +msgstr "?????????? ?????? ?????" + +msgid "Unexpected tag" +msgstr "??????????? ??????" + +msgid "Not DER encoded" +msgstr "???? ???????? ???-??" + +msgid "No CMS object" +msgstr "???? ??? ???????" 
+ +msgid "Invalid CMS object" +msgstr "?????????? ??? ???????" + +msgid "Unknown CMS object" +msgstr "???????? ??? ???????" + +msgid "Unsupported CMS object" +msgstr "????????? ??? ???????" + +msgid "Unsupported encoding" +msgstr "?????????? ????????" + +msgid "Unsupported CMS version" +msgstr "?????????? ??? ??????" + +msgid "Unknown algorithm" +msgstr "???????? ?????????" + +msgid "Invalid crypto engine" +msgstr "?????????? ????? ?????????" + +msgid "Public key not trusted" +msgstr "????? ???? ???? ????????" + +msgid "Decryption failed" +msgstr "??????????? ???? ??????" + +msgid "Key expired" +msgstr "???? ?? ???????" + +msgid "Signature expired" +msgstr "?????? ?? ???????" + +msgid "Encoding problem" +msgstr "??????? ????????" + +msgid "Invalid state" +msgstr "?????????? ?????" + +msgid "Duplicated value" +msgstr "???????????? ????????" + +msgid "Missing action" +msgstr "????????? ?????" + +msgid "ASN.1 module not found" +msgstr "????? ???????? ????? ???.1" + +msgid "Invalid OID string" +msgstr "?????????? ??? ?????" + +msgid "Invalid time" +msgstr "?????????? ?????" + +msgid "Invalid CRL object" +msgstr "?????????? ??? ???????" + +msgid "Unsupported CRL version" +msgstr "?????????? ??? ??????" + +msgid "Invalid certificate object" +msgstr "?????????? ??????? ???????" + +msgid "Unknown name" +msgstr "???????? ?????" + +msgid "A locale function failed" +msgstr "??????? ???????? ???? ??????" + +msgid "Not locked" +msgstr "???? ?????????" + +msgid "Protocol violation" +msgstr "?????? ?????????" + +msgid "Invalid MAC" +msgstr "?????????? ???" + +msgid "Invalid request" +msgstr "?????????? ??????" + +msgid "Unknown extension" +msgstr "????????? ?????????" + +msgid "Unknown critical extension" +msgstr "???????? ???????? ?????" + +msgid "Locked" +msgstr "?????????" + +msgid "Unknown option" +msgstr "????????? ??????" + +msgid "Unknown command" +msgstr "????????? ???????" + +msgid "Not operational" +msgstr "???? ??????????" + +msgid "No passphrase given" +msgstr "???? 
???? ???????? ???" + +msgid "No PIN given" +msgstr "???? ??? ???" + +msgid "Operation not yet finished" +msgstr "????? ???? ??? ????????" + +msgid "Buffer too short" +msgstr "???????????? ?? ?????????" + +msgid "Invalid length specifier in S-expression" +msgstr "?????????? ???????? ?????? ? ?-??????" + +msgid "String too long in S-expression" +msgstr "????? ?? ??????? ? ?-??????" + +msgid "Unmatched parentheses in S-expression" +msgstr "?????????????? ??????? ? ?-??????" + +msgid "S-expression not canonical" +msgstr "?-????? ???? ????????" + +msgid "Bad character in S-expression" +msgstr "??? ???? ? ?-??????" + +msgid "Bad quotation in S-expression" +msgstr "???? ???????? ? ?-??????" + +msgid "Zero prefix in S-expression" +msgstr "????? ??????? ? ?-??????" + +msgid "Nested display hints in S-expression" +msgstr "???????? ?????? ??????? ? ?-??????" + +msgid "Unmatched display hints" +msgstr "?????????????? ?????? ???????" + +msgid "Unexpected reserved punctuation in S-expression" +msgstr "??????????? ??????????? ????? ? ?-??????" + +msgid "Bad hexadecimal character in S-expression" +msgstr "??? ?????????????? ???? ? ?-??????" + +msgid "Odd hexadecimal numbers in S-expression" +msgstr "??????? ?????????????? ??????? ? ?-??????" + +msgid "Bad octadecimal character in S-expression" +msgstr "??? ????????????? ???? ? ?-??????" + +msgid "General IPC error" +msgstr "????? ?????? ???-?" + +msgid "IPC accept call failed" +msgstr "?????????? ?????? ???-? ???? ??????" + +msgid "IPC connect call failed" +msgstr "?????????? ?????? ???-? ???? ??????" + +msgid "Invalid IPC response" +msgstr "?????????? ??? ???????" + +msgid "Invalid value passed to IPC" +msgstr "?????????? ???????? ?????????? ???-?" + +msgid "Incomplete line passed to IPC" +msgstr "???????? ??? ?? ????????? ???-?" + +msgid "Line passed to IPC too long" +msgstr "??? ????????? ???-? ?? ??????" + +msgid "Nested IPC commands" +msgstr "???????? ??? ???????" + +msgid "No data callback in IPC" +msgstr "???? ??????? 
???????? ? ???-?" + +msgid "No inquire callback in IPC" +msgstr "???? ??????? ??????????? ? ???-?" + +msgid "Not an IPC server" +msgstr "???? ??? ??????" + +msgid "Not an IPC client" +msgstr "???? ??? ???????" + +msgid "Problem starting IPC server" +msgstr "??????? ????????? ??? ???????" + +msgid "IPC read error" +msgstr "?????? ?????? ???-?" + +msgid "IPC write error" +msgstr "?????? ?????? ???-?" + +msgid "Too much data for IPC layer" +msgstr "??????? ???????? ?? ??? ????" + +msgid "Unexpected IPC command" +msgstr "??????????? ??? ???????" + +msgid "Unknown IPC command" +msgstr "????????? ??? ???????" + +msgid "IPC syntax error" +msgstr "????????? ?????? ???-?" + +msgid "IPC call has been cancelled" +msgstr "??? ????? ?? ???????" + +msgid "No input source for IPC" +msgstr "???? ?????? ????? ?? ???" + +msgid "No output source for IPC" +msgstr "???? ?????? ?????? ?? ???" + +msgid "IPC parameter error" +msgstr "?????? ????????? ???-?" + +msgid "Unknown IPC inquire" +msgstr "????????? ??????????? ???-?" + +msgid "User defined error code 1" +msgstr "1. ??? ?????? ???? ?? ??????? ????????" + +msgid "User defined error code 2" +msgstr "2. ??? ?????? ???? ?? ??????? ????????" + +msgid "User defined error code 3" +msgstr "3. ??? ?????? ???? ?? ??????? ????????" + +msgid "User defined error code 4" +msgstr "4. ??? ?????? ???? ?? ??????? ????????" + +msgid "User defined error code 5" +msgstr "5. ??? ?????? ???? ?? ??????? ????????" + +msgid "User defined error code 6" +msgstr "6. ??? ?????? ???? ?? ??????? ????????" + +msgid "User defined error code 7" +msgstr "7. ??? ?????? ???? ?? ??????? ????????" + +msgid "User defined error code 8" +msgstr "8. ??? ?????? ???? ?? ??????? ????????" + +msgid "User defined error code 9" +msgstr "9. ??? ?????? ???? ?? ??????? ????????" + +msgid "User defined error code 10" +msgstr "10. ??? ?????? ???? ?? ??????? ????????" + +msgid "User defined error code 11" +msgstr "11. ??? ?????? ???? ?? ??????? ????????" 
+ +msgid "User defined error code 12" +msgstr "12. ??? ?????? ???? ?? ??????? ????????" + +msgid "User defined error code 13" +msgstr "13. ??? ?????? ???? ?? ??????? ????????" + +msgid "User defined error code 14" +msgstr "14. ??? ?????? ???? ?? ??????? ????????" + +msgid "User defined error code 15" +msgstr "15. ??? ?????? ???? ?? ??????? ????????" + +msgid "User defined error code 16" +msgstr "16. ??? ?????? ???? ?? ??????? ????????" + +msgid "System error w/o errno" +msgstr "???? ?/? ?????? ????????? ??????" + +msgid "Unknown system error" +msgstr "????????? ?????? ???????" + +msgid "End of file" +msgstr "???? ????????" + +msgid "Unknown error code" +msgstr "???????? ??? ??????" + +#, c-format +msgid "Usage: %s GPG-ERROR [...]\n" +msgstr "????????: %s GPG-ERROR [...]\n" + +#, c-format +msgid "%s: warning: could not recognize %s\n" +msgstr "%s: ?????????: ?? ???? ?? ????????? ?%s?\n" ----------------------------------------------------------------------- Summary of changes: po/LINGUAS | 1 + po/sr.po | 798 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 799 insertions(+) create mode 100644 po/sr.po hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 27 20:41:15 2014 
From: cvs at cvs.gnupg.org (by Мирослав Николић) Date: Thu, 27 Nov 2014 20:41:15 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-48-gf173cdc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f173cdcdfbfd083b035516a406c2c754f38a0ace (commit) via ccee34736b57a42ec4bdcb0d3181bdc6a08b0fff (commit) via 68a7ccc0c870cce6ab9fefb1aa6fd100e1de129b (commit) from 1c2140346d6ef9c35e303099d2d15be57869b4d5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f173cdcdfbfd083b035516a406c2c754f38a0ace Author: ???????? ??????? Date: Thu Nov 27 20:41:37 2014 +0100 gpg-agent: Add restricted connection feature. * agent/agent.h (opt): Add field extra_socket. (server_control_s): Add field restricted. * agent/command.c: Check restricted flag on many commands. * agent/gpg-agent.c (oExtraSocket): New. (opts): Add option --extra-socket. (socket_name_extra): New. (cleanup): Cleanup that socket name. (main): Implement oExtraSocket. (create_socket_name): Add arg homedir and change all callers. (create_server_socket): Rename arg is_ssh to primary and change callers. (start_connection_thread): Take ctrl as arg. (start_connection_thread_std): New. (start_connection_thread_extra): New. (handle_connections): Add arg listen_fd_extra and replace the connection starting code by parameterized loop. * common/asshelp.c (start_new_gpg_agent): Detect the use of the restricted mode and don't fail on sending the pinentry environment. * common/util.h (GPG_ERR_FORBIDDEN): New. diff --git a/agent/agent.h b/agent/agent.h index b80c6a0..0c83b27 100644 --- a/agent/agent.h +++ b/agent/agent.h 
@@ -130,6 +130,11 @@ struct /* This global option enables the ssh-agent subsystem. */ int ssh_support; + + /* This global options indicates the use of an extra socket. Note + that we use a hack for cleanup handling in gpg-agent.c: If the + value is less than 2 the name has not yet been malloced. */ + int extra_socket; } opt; @@ -171,6 +176,9 @@ struct server_control_s gnupg_fd_t fd; } thread_startup; + /* Flag indicating the connection is run in restricted mode. */ + int restricted; + /* Private data of the server (command.c). */ struct server_local_s *server_local; diff --git a/agent/command.c b/agent/command.c index 11bfbeb..3e80663 100644 --- a/agent/command.c +++ b/agent/command.c @@ -502,6 +502,9 @@ cmd_geteventcounter (assuan_context_t ctx, char *line) (void)line; + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + return agent_print_status (ctrl, "EVENTCOUNTER", "%u %u %u", eventcounter.any, eventcounter.key, @@ -577,10 +580,14 @@ static const char hlp_listtrusted[] = static gpg_error_t cmd_listtrusted (assuan_context_t ctx, char *line) { + ctrl_t ctrl = assuan_get_pointer (ctx); int rc; (void)line; + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + rc = agent_listtrusted (ctx); return leave_cmd (ctx, rc); } @@ -599,6 +606,9 @@ cmd_marktrusted (assuan_context_t ctx, char *line) char fpr[41]; int flag; + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + /* parse the fingerprint value */ for (p=line,n=0; hexdigitp (p); p++, n++) ; @@ -718,7 +728,12 @@ cmd_setkeydesc (assuan_context_t ctx, char *line) plus_to_blank (desc); xfree (ctrl->server_local->keydesc); - ctrl->server_local->keydesc = xtrystrdup (desc); + + if (ctrl->restricted) + ctrl->server_local->keydesc = strconcat + ("Note: Request from a remote site.\n\n", desc, NULL); + else + ctrl->server_local->keydesc = xtrystrdup (desc); if (!ctrl->server_local->keydesc) return out_of_core (); return 0; 
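Review bot: The restricted-mode gate is written out by hand in each handler, starting with the `if (ctrl->restricted)` added to cmd_geteventcounter here and repeated in the hunks for cmd_listtrusted, cmd_marktrusted, cmd_genkey, cmd_readkey, cmd_keyinfo and the rest of agent/command.c. A command added later is therefore reachable from the extra socket unless its author remembers the check. Handlers this commit leaves alone stay available to restricted connections, which looks intended for signing and decryption but is not stated in the code. I would record the rule where commands are registered, for example `/* Commands are allowed on the extra socket unless the handler checks ctrl->restricted; decide explicitly for every new handler. */`, or carry a per-command flag that is tested once before dispatch. All of these handler bodies continue outside their hunks.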
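Review bot: The remote-request warning added in cmd_setkeydesc is a bare English literal, so it is the one part of the prompt that will not follow the user's locale, while everything after it is text chosen by the restricted peer. Marking it for translation keeps the warning readable for the person who has to decide: `ctrl->server_local->keydesc = strconcat (_("Note: Request from a remote site."), "\n\n", desc, NULL);`, assuming the file's usual gettext macro is in scope here. A one-line comment that `desc` is untrusted in this branch would also help the next reader. The function starts above the hunk.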
@@ -928,6 +943,9 @@ cmd_genkey (assuan_context_t ctx, char *line) int opt_preset; char *p; + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + opt_preset = has_option (line, "--preset"); no_protection = has_option (line, "--no-protection"); line = skip_options (line); @@ -974,6 +992,9 @@ cmd_readkey (assuan_context_t ctx, char *line) unsigned char grip[20]; gcry_sexp_t s_pkey = NULL; + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + rc = parse_keygrip (ctx, line, grip); if (rc) return rc; /* Return immediately as this is already an Assuan error code.*/ @@ -1199,6 +1220,9 @@ cmd_keyinfo (assuan_context_t ctx, char *line) char hexgrip[41]; int disabled, ttl, confirm, is_ssh; + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + if (has_option (line, "--ssh-list")) list_mode = 2; else @@ -1376,6 +1400,9 @@ cmd_get_passphrase (assuan_context_t ctx, char *line) int opt_repeat = 0; char *repeat_errtext = NULL; + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + opt_data = has_option (line, "--data"); opt_check = has_option (line, "--check"); opt_no_ask = has_option (line, "--no-ask"); @@ -1515,10 +1542,14 @@ static const char hlp_clear_passphrase[] = static gpg_error_t cmd_clear_passphrase (assuan_context_t ctx, char *line) { + ctrl_t ctrl = assuan_get_pointer (ctx); char *cacheid = NULL; char *p; int opt_normal; + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + opt_normal = has_option (line, "--mode=normal"); line = skip_options (line); @@ -1557,6 +1588,9 @@ cmd_get_confirmation (assuan_context_t ctx, char *line) char *desc = NULL; char *p; + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + /* parse the stuff */ for (p=line; *p == ' '; p++) ; 
@@ -1595,6 +1629,9 @@ cmd_learn (assuan_context_t ctx, char *line) ctrl_t ctrl = assuan_get_pointer (ctx); int rc; + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + rc = agent_handle_learn (ctrl, has_option (line, "--send")? ctx : NULL); return leave_cmd (ctx, rc); } @@ -1621,6 +1658,9 @@ cmd_passwd (assuan_context_t ctx, char *line) char *pend; int opt_preset; + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + opt_preset = has_option (line, "--preset"); cache_nonce = option_value (line, "--cache-nonce"); if (cache_nonce) @@ -1756,6 +1796,7 @@ static const char hlp_preset_passphrase[] = static gpg_error_t cmd_preset_passphrase (assuan_context_t ctx, char *line) { + ctrl_t ctrl = assuan_get_pointer (ctx); int rc; char *grip_clear = NULL; unsigned char *passphrase = NULL; @@ -1763,6 +1804,9 @@ cmd_preset_passphrase (assuan_context_t ctx, char *line) size_t len; int opt_inquire; + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + if (!opt.allow_preset_passphrase) return set_error (GPG_ERR_NOT_SUPPORTED, "no --allow-preset-passphrase"); @@ -1847,6 +1891,9 @@ cmd_scd (assuan_context_t ctx, char *line) ctrl_t ctrl = assuan_get_pointer (ctx); int rc; + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + rc = divert_generic_cmd (ctrl, line, ctx); return rc; @@ -1876,6 +1923,8 @@ cmd_keywrap_key (assuan_context_t ctx, char *line) gpg_error_t err = 0; int clearopt = has_option (line, "--clear"); + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); assuan_begin_confidential (ctx); if (has_option (line, "--import")) @@ -1940,6 +1989,9 @@ cmd_import_key (assuan_context_t ctx, char *line) char *cache_nonce = NULL; char *p; + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + if (!ctrl->server_local->import_key) { err = gpg_error (GPG_ERR_MISSING_KEY); 
@@ -2129,6 +2181,9 @@ cmd_export_key (assuan_context_t ctx, char *line) char *pend; int c; + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + openpgp = has_option (line, "--openpgp"); cache_nonce = option_value (line, "--cache-nonce"); if (cache_nonce) @@ -2280,6 +2335,9 @@ cmd_delete_key (assuan_context_t ctx, char *line) gpg_error_t err; unsigned char grip[20]; + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + line = skip_options (line); err = parse_keygrip (ctx, line, grip); @@ -2318,6 +2376,9 @@ cmd_keytocard (assuan_context_t ctx, char *line) unsigned char *shdkey; time_t timestamp; + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + force = has_option (line, "--force"); line = skip_options (line); @@ -2434,6 +2495,8 @@ cmd_keytocard (assuan_context_t ctx, char *line) leave: return leave_cmd (ctx, err); } + + static const char hlp_getval[] = "GETVAL \n" @@ -2443,11 +2506,15 @@ static const char hlp_getval[] = static gpg_error_t cmd_getval (assuan_context_t ctx, char *line) { + ctrl_t ctrl = assuan_get_pointer (ctx); int rc = 0; char *key = NULL; char *p; struct putval_item_s *vl; + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + for (p=line; *p == ' '; p++) ; key = p; @@ -2498,6 +2565,7 @@ static const char hlp_putval[] = static gpg_error_t cmd_putval (assuan_context_t ctx, char *line) { + ctrl_t ctrl = assuan_get_pointer (ctx); int rc = 0; char *key = NULL; char *value = NULL; @@ -2505,6 +2573,9 @@ cmd_putval (assuan_context_t ctx, char *line) char *p; struct putval_item_s *vl, *vlprev; + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + for (p=line; *p == ' '; p++) ; key = p; 
@@ -2583,6 +2654,9 @@ cmd_updatestartuptty (assuan_context_t ctx, char *line) (void)line; + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + se = session_env_new (); if (!se) err = gpg_error_from_syserror (); @@ -2634,6 +2708,9 @@ cmd_killagent (assuan_context_t ctx, char *line) (void)line; + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + ctrl->server_local->stopme = 1; assuan_set_flag (ctx, ASSUAN_FORCE_CLOSE, 1); return 0; @@ -2648,9 +2725,13 @@ static const char hlp_reloadagent[] = static gpg_error_t cmd_reloadagent (assuan_context_t ctx, char *line) { - (void)ctx; + ctrl_t ctrl = assuan_get_pointer (ctx); + (void)line; + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + agent_sighup_action (); return 0; } @@ -2672,7 +2753,8 @@ static const char hlp_getinfo[] = " std_session_env - List the standard session environment.\n" " std_startup_env - List the standard startup environment.\n" " cmd_has_option\n" - " - Returns OK if the command CMD implements the option OPT\n."; + " - Returns OK if the command CMD implements the option OPT.\n" + " restricted - Returns OK if the connection is in restricted mode.\n"; static gpg_error_t cmd_getinfo (assuan_context_t ctx, char *line) { 
@@ -2684,6 +2766,54 @@ cmd_getinfo (assuan_context_t ctx, char *line) const char *s = VERSION; rc = assuan_send_data (ctx, s, strlen (s)); } + else if (!strncmp (line, "cmd_has_option", 14) + && (line[14] == ' ' || line[14] == '\t' || !line[14])) + { + char *cmd, *cmdopt; + line += 14; + while (*line == ' ' || *line == '\t') + line++; + if (!*line) + rc = gpg_error (GPG_ERR_MISSING_VALUE); + else + { + cmd = line; + while (*line && (*line != ' ' && *line != '\t')) + line++; + if (!*line) + rc = gpg_error (GPG_ERR_MISSING_VALUE); + else + { + *line++ = 0; + while (*line == ' ' || *line == '\t') + line++; + if (!*line) + rc = gpg_error (GPG_ERR_MISSING_VALUE); + else + { + cmdopt = line; + if (!command_has_option (cmd, cmdopt)) + rc = gpg_error (GPG_ERR_GENERAL); + } + } + } + } + else if (!strcmp (line, "s2k_count")) + { + char numbuf[50]; + + snprintf (numbuf, sizeof numbuf, "%lu", get_standard_s2k_count ()); + rc = assuan_send_data (ctx, numbuf, strlen (numbuf)); + } + else if (!strcmp (line, "restricted")) + { + rc = ctrl->restricted? 0 : gpg_error (GPG_ERR_GENERAL); + } + else if (ctrl->restricted) + { + rc = gpg_error (GPG_ERR_FORBIDDEN); + } + /* All sub-commands below are not allowed in restricted mode. */ else if (!strcmp (line, "pid")) { char numbuf[50]; @@ -2713,13 +2843,6 @@ cmd_getinfo (assuan_context_t ctx, char *line) { rc = agent_scd_check_running ()? 0 : gpg_error (GPG_ERR_GENERAL); } - else if (!strcmp (line, "s2k_count")) - { - char numbuf[50]; - - snprintf (numbuf, sizeof numbuf, "%lu", get_standard_s2k_count ()); - rc = assuan_send_data (ctx, numbuf, strlen (numbuf)); - } else if (!strcmp (line, "std_session_env") || !strcmp (line, "std_startup_env")) { 
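Review bot: Which GETINFO sub-commands a restricted connection may use is expressed only by their position in the else-if chain: everything above the new `else if (ctrl->restricted)` branch is allowed, including whatever precedes the hunk, and everything below is refused. The comment added after that branch documents the lower half, but nothing tells a maintainer that inserting a new sub-command near the top exposes it on the extra socket. I would add a matching comment ahead of the `cmd_has_option` branch, such as `/* Sub-commands down to the restricted check are served on the extra socket too; add new ones below it unless reviewed. */`. The same ordering convention is used in the option_handler hunk further down and deserves the same comment there.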
@@ -2748,38 +2871,6 @@ cmd_getinfo (assuan_context_t ctx, char *line) } } } - else if (!strncmp (line, "cmd_has_option", 14) - && (line[14] == ' ' || line[14] == '\t' || !line[14])) - { - char *cmd, *cmdopt; - line += 14; - while (*line == ' ' || *line == '\t') - line++; - if (!*line) - rc = gpg_error (GPG_ERR_MISSING_VALUE); - else - { - cmd = line; - while (*line && (*line != ' ' && *line != '\t')) - line++; - if (!*line) - rc = gpg_error (GPG_ERR_MISSING_VALUE); - else - { - *line++ = 0; - while (*line == ' ' || *line == '\t') - line++; - if (!*line) - rc = gpg_error (GPG_ERR_MISSING_VALUE); - else - { - cmdopt = line; - if (!command_has_option (cmd, cmdopt)) - rc = gpg_error (GPG_ERR_GENERAL); - } - } - } - } else rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT"); return rc; @@ -2802,6 +2893,11 @@ option_handler (assuan_context_t ctx, const char *key, const char *value) ctrl->server_local->allow_fully_canceled = gnupg_compare_version (value, "2.1.0"); } + else if (ctrl->restricted) + { + err = gpg_error (GPG_ERR_FORBIDDEN); + } + /* All options below are not allowed in restricted mode. */ else if (!strcmp (key, "putenv")) { /* Change the session's environment to be used for the diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 23d6ee2..e001ad1 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -111,6 +111,7 @@ enum cmd_and_opt_values oEnablePassphraseHistory, oUseStandardSocket, oNoUseStandardSocket, + oExtraSocket, oFakedSystemTime, oIgnoreCacheForSigning, @@ -209,6 +210,7 @@ static ARGPARSE_OPTS opts[] = { /* */ "@" #endif ), + ARGPARSE_s_s (oExtraSocket, "extra-socket", "@"), /* Dummy options for backward compatibility. */ ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"), 
@@ -280,12 +282,16 @@ static int maybe_setuid = 1; /* Name of the communication socket used for native gpg-agent requests. */ static char *socket_name; +/* Name of the optional extra socket used for native gpg-agent requests. */ +static char *socket_name_extra; + /* Name of the communication socket used for ssh-agent-emulation. */ static char *socket_name_ssh; /* We need to keep track of the server's nonces (these are dummies for POSIX systems). */ static assuan_sock_nonce_t socket_nonce; +static assuan_sock_nonce_t socket_nonce_extra; static assuan_sock_nonce_t socket_nonce_ssh; @@ -320,8 +326,8 @@ static int active_connections; Local prototypes. */ -static char *create_socket_name (char *standard_name); -static gnupg_fd_t create_server_socket (char *name, int is_ssh, +static char *create_socket_name (char *standard_name, int with_homedir); +static gnupg_fd_t create_server_socket (char *name, int primary, assuan_sock_nonce_t *nonce); static void create_directories (void); @@ -329,6 +335,7 @@ static void agent_init_default_ctrl (ctrl_t ctrl); static void agent_deinit_default_ctrl (ctrl_t ctrl); static void handle_connections (gnupg_fd_t listen_fd, + gnupg_fd_t listen_fd_extra, gnupg_fd_t listen_fd_ssh); static void check_own_socket (void); static int check_for_running_agent (int silent); @@ -498,6 +505,8 @@ cleanup (void) done = 1; deinitialize_module_cache (); remove_socket (socket_name); + if (opt.extra_socket > 1) + remove_socket (socket_name_extra); remove_socket (socket_name_ssh); } @@ -860,6 +869,11 @@ main (int argc, char **argv ) # endif break; + case oExtraSocket: + opt.extra_socket = 1; /* (1 = points into argv) */ + socket_name_extra = pargs.r.ret_str; + break; + case oDebugQuickRandom: /* Only used by the first stage command line parser. */ break; 
@@ -1067,7 +1081,8 @@ main (int argc, char **argv ) else { /* Regular server mode */ gnupg_fd_t fd; - gnupg_fd_t fd_ssh; + gnupg_fd_t fd_extra = GNUPG_INVALID_FD; + gnupg_fd_t fd_ssh = GNUPG_INVALID_FD; pid_t pid; /* Remove the DISPLAY variable so that a pinentry does not @@ -1081,17 +1096,23 @@ main (int argc, char **argv ) gnupg_unsetenv ("DISPLAY"); #endif - /* Create the sockets. */ - socket_name = create_socket_name (GPG_AGENT_SOCK_NAME); - fd = create_server_socket (socket_name, 0, &socket_nonce); + socket_name = create_socket_name (GPG_AGENT_SOCK_NAME, 1); + fd = create_server_socket (socket_name, 1, &socket_nonce); + + if (opt.extra_socket) + { + socket_name_extra = create_socket_name (socket_name_extra, 0); + opt.extra_socket = 2; /* Indicate that it has been malloced. */ + fd_extra = create_server_socket (socket_name_extra, 0, + &socket_nonce_extra); + } + if (opt.ssh_support) { - socket_name_ssh = create_socket_name (GPG_AGENT_SSH_SOCK_NAME); - fd_ssh = create_server_socket (socket_name_ssh, 1, &socket_nonce_ssh); + socket_name_ssh = create_socket_name (GPG_AGENT_SSH_SOCK_NAME, 1); + fd_ssh = create_server_socket (socket_name_ssh, 0, &socket_nonce_ssh); } - else - fd_ssh = GNUPG_INVALID_FD; /* If we are going to exec a program in the parent, we record the PID, so that the child may check whether the program is @@ -1154,6 +1175,8 @@ main (int argc, char **argv ) *socket_name = 0; /* Don't let cleanup() remove the socket - the child should do this from now on */ + if (opt.extra_socket) + *socket_name_extra = 0; if (opt.ssh_support) *socket_name_ssh = 0; @@ -1264,7 +1287,7 @@ main (int argc, char **argv ) #endif /*!HAVE_W32_SYSTEM*/ log_info ("%s %s started\n", strusage(11), strusage(13) ); - handle_connections (fd, opt.ssh_support ? fd_ssh : GNUPG_INVALID_FD); + handle_connections (fd, fd_extra, fd_ssh); assuan_sock_close (fd); } 
@@ -1304,7 +1327,7 @@ agent_exit (int rc) structure usually identified by an argument named CTRL. This function is called immediately after allocating the control structure. Its purpose is to setup the default values for that - structure. */ + structure. Note that some values may have already been set. */ static void agent_init_default_ctrl (ctrl_t ctrl) { @@ -1463,11 +1486,14 @@ get_agent_scd_notify_event (void) Pointer to an allocated string with the absolute name of the socket used. */ static char * -create_socket_name (char *standard_name) +create_socket_name (char *standard_name, int with_homedir) { char *name; - name = make_filename (opt.homedir, standard_name, NULL); + if (with_homedir) + name = make_filename (opt.homedir, standard_name, NULL); + else + name = make_filename (standard_name, NULL); if (strchr (name, PATHSEP_C)) { log_error (("'%s' are not allowed in the socket name\n"), PATHSEP_S); @@ -1484,11 +1510,11 @@ create_socket_name (char *standard_name) /* Create a Unix domain socket with NAME. Returns the file descriptor - or terminates the process in case of an error. Not that this - function needs to be used for the regular socket first and only - then for the ssh socket. */ + or terminates the process in case of an error. Note that this + function needs to be used for the regular socket first (indicated + by PRIMARY) and only then for the extra and the ssh sockets. */ static gnupg_fd_t -create_server_socket (char *name, int is_ssh, assuan_sock_nonce_t *nonce) +create_server_socket (char *name, int primary, assuan_sock_nonce_t *nonce) { struct sockaddr_un *serv_addr; socklen_t len; 
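Review bot: The new `with_homedir` argument of create_socket_name is not described in the function's header comment, and with it set to 0 the name goes through `make_filename (standard_name, NULL)` unchanged, so the extra socket is the only listener not placed under `opt.homedir`. Its protection then depends on the directory the user names. Neither this hunk nor the documentation text added for --extra-socket says that the directory must be closed to other local users, and whether create_server_socket sets restrictive permissions itself is not visible here. I would extend the header comment with something like `If WITH_HOMEDIR is 0, STANDARD_NAME is used as given; the caller is responsible for choosing a directory other users cannot access.` Only the tail of that header comment is inside the hunk.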
@@ -1531,7 +1557,7 @@ create_server_socket (char *name, int is_ssh, assuan_sock_nonce_t *nonce) know the new Assuan socket, the Assuan server and thus the ssh-agent server is not yet operational. This would lead to a hang. */ - if (!is_ssh && !check_for_running_agent (1)) + if (primary && !check_for_running_agent (1)) { log_set_prefix (NULL, JNLIB_LOG_WITH_PREFIX); log_set_file (NULL); @@ -1980,12 +2006,9 @@ putty_message_thread (void *arg) #endif /*HAVE_W32_SYSTEM*/ -/* This is the standard connection thread's main function. */ static void * -start_connection_thread (void *arg) +start_connection_thread (ctrl_t ctrl) { - ctrl_t ctrl = arg; - if (check_nonce (ctrl, &socket_nonce)) { log_error ("handler 0x%lx nonce check FAILED\n", @@ -2009,6 +2032,27 @@ start_connection_thread (void *arg) } +/* This is the standard connection thread's main function. */ +static void * +start_connection_thread_std (void *arg) +{ + ctrl_t ctrl = arg; + + return start_connection_thread (ctrl); +} + + +/* This is the extra socket connection thread's main function. */ +static void * +start_connection_thread_extra (void *arg) +{ + ctrl_t ctrl = arg; + + ctrl->restricted = 1; + return start_connection_thread (ctrl); +} + + /* This is the ssh connection thread's main function. */ static void * start_connection_thread_ssh (void *arg) @@ -2037,7 +2081,9 @@ start_connection_thread_ssh (void *arg) /* Connection handler loop. Wait for connection requests and spawn a thread after accepting a connection. */ static void -handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh) +handle_connections (gnupg_fd_t listen_fd, + gnupg_fd_t listen_fd_extra, + gnupg_fd_t listen_fd_ssh) { npth_attr_t tattr; struct sockaddr_un paddr; 
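Review bot: Connections accepted on the extra socket are still checked against the primary socket's nonce. start_connection_thread_extra only sets `ctrl->restricted = 1` and then calls start_connection_thread, whose first statement remains `check_nonce (ctrl, &socket_nonce)`, although create_server_socket filled `socket_nonce_extra` for that listener. The file's own comment says the nonces are dummies on POSIX, so this would matter only where nonces are real, presumably as every extra-socket connection failing the check. Passing the nonce in, `start_connection_thread (ctrl_t ctrl, assuan_sock_nonce_t *nonce)` with `check_nonce (ctrl, nonce)`, and calling it with `&socket_nonce` and `&socket_nonce_extra` from the two wrappers, fixes it. It is also worth confirming that the initialisation done later in start_connection_thread, outside these hunks, does not reset `restricted`.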
@@ -2054,6 +2100,16 @@ handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh) HANDLE events[2]; unsigned int events_set; #endif + struct { + const char *name; + void *(*func) (void *arg); + gnupg_fd_t l_fd; + } listentbl[] = { + { "std", start_connection_thread_std }, + { "extra",start_connection_thread_extra }, + { "ssh", start_connection_thread_ssh } + }; + ret = npth_attr_init(&tattr); if (ret) @@ -2103,6 +2159,12 @@ handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh) FD_ZERO (&fdset); FD_SET (FD2INT (listen_fd), &fdset); nfd = FD2INT (listen_fd); + if (listen_fd_extra != GNUPG_INVALID_FD) + { + FD_SET ( FD2INT(listen_fd_extra), &fdset); + if (FD2INT (listen_fd_extra) > nfd) + nfd = FD2INT (listen_fd_extra); + } if (listen_fd_ssh != GNUPG_INVALID_FD) { FD_SET ( FD2INT(listen_fd_ssh), &fdset); @@ -2110,6 +2172,10 @@ handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh) nfd = FD2INT (listen_fd_ssh); } + listentbl[0].l_fd = listen_fd; + listentbl[1].l_fd = listen_fd_extra; + listentbl[2].l_fd = listen_fd_ssh; + npth_clock_gettime (&abstime); abstime.tv_sec += TIMERTICK_INTERVAL; 
@@ -2172,92 +2238,56 @@ handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh) next timeout. */ continue; - if (!shutdown_pending && FD_ISSET (FD2INT (listen_fd), &read_fdset)) - { + if (!shutdown_pending) + { + int idx; ctrl_t ctrl; + npth_t thread; - plen = sizeof paddr; - fd = INT2FD (npth_accept (FD2INT(listen_fd), - (struct sockaddr *)&paddr, &plen)); - if (fd == GNUPG_INVALID_FD) - { - log_error ("accept failed: %s\n", strerror (errno)); - } - else if ( !(ctrl = xtrycalloc (1, sizeof *ctrl)) ) - { - log_error ("error allocating connection control data: %s\n", - strerror (errno) ); - assuan_sock_close (fd); - } - else if ( !(ctrl->session_env = session_env_new ()) ) + for (idx=0; idx < DIM(listentbl); idx++) { - log_error ("error allocating session environment block: %s\n", - strerror (errno) ); - xfree (ctrl); - assuan_sock_close (fd); - } - else - { - npth_t thread; - - ctrl->thread_startup.fd = fd; - ret = npth_create (&thread, &tattr, - start_connection_thread, ctrl); - if (ret) + if (listentbl[idx].l_fd == GNUPG_INVALID_FD) + continue; + if (!FD_ISSET (FD2INT (listentbl[idx].l_fd), &read_fdset)) + continue; + + plen = sizeof paddr; + fd = INT2FD (npth_accept (FD2INT(listentbl[idx].l_fd), + (struct sockaddr *)&paddr, &plen)); + if (fd == GNUPG_INVALID_FD) { - log_error ("error spawning connection handler: %s\n", - strerror (ret)); - assuan_sock_close (fd); - xfree (ctrl); + log_error ("accept failed for %s: %s\n", + listentbl[idx].name, strerror (errno)); } - - } - fd = GNUPG_INVALID_FD; - } - - if (!shutdown_pending && listen_fd_ssh != GNUPG_INVALID_FD - && FD_ISSET ( FD2INT (listen_fd_ssh), &read_fdset)) - { - ctrl_t ctrl; - - plen = sizeof paddr; - fd = INT2FD(npth_accept (FD2INT(listen_fd_ssh), - (struct sockaddr *)&paddr, &plen)); - if (fd == GNUPG_INVALID_FD) - { - log_error ("accept failed for ssh: %s\n", strerror (errno)); - } - else if ( !(ctrl = xtrycalloc (1, sizeof *ctrl)) ) - { - log_error ("error allocating connection control 
data: %s\n", - strerror (errno) ); - assuan_sock_close (fd); - } - else if ( !(ctrl->session_env = session_env_new ()) ) - { - log_error ("error allocating session environment block: %s\n", - strerror (errno) ); - xfree (ctrl); - assuan_sock_close (fd); - } - else - { - npth_t thread; - - agent_init_default_ctrl (ctrl); - ctrl->thread_startup.fd = fd; - ret = npth_create (&thread, &tattr, - start_connection_thread_ssh, ctrl); - if (ret) + else if ( !(ctrl = xtrycalloc (1, sizeof *ctrl))) { - log_error ("error spawning ssh connection handler: %s\n", - strerror (ret)); + log_error ("error allocating connection data for %s: %s\n", + listentbl[idx].name, strerror (errno) ); assuan_sock_close (fd); + } + else if ( !(ctrl->session_env = session_env_new ())) + { + log_error ("error allocating session env block for %s: %s\n", + listentbl[idx].name, strerror (errno) ); xfree (ctrl); + assuan_sock_close (fd); + } + else + { + ctrl->thread_startup.fd = fd; + ret = npth_create (&thread, &tattr, + listentbl[idx].func, ctrl); + if (ret) + { + log_error ("error spawning connection handler for %s:" + " %s\n", listentbl[idx].name, strerror (ret)); + assuan_sock_close (fd); + xfree (ctrl); + } } + fd = GNUPG_INVALID_FD; } - fd = GNUPG_INVALID_FD; - } + } } cleanup (); diff --git a/common/asshelp.c b/common/asshelp.c index e675fda..51ef172 100644 --- a/common/asshelp.c +++ b/common/asshelp.c 
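Review bot: In the rewritten accept loop the `npth_create` failure branch closes the socket and calls `xfree (ctrl)` but never releases `ctrl->session_env`, which `session_env_new ()` allocated two branches earlier. Each failed spawn therefore leaks one session environment, and spawn failures are most likely when the agent is already short of resources, which now includes load arriving over the extra socket. Adding `session_env_release (ctrl->session_env);` before `xfree (ctrl);` closes the gap. The removed code had the same omission, so this is a good moment to fix it. handle_connections begins and ends outside the hunk.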
@@ -504,9 +504,23 @@ start_new_gpg_agent (assuan_context_t *r_ctx, err = assuan_transact (ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL); if (!err) - err = send_pinentry_environment (ctx, errsource, - opt_lc_ctype, opt_lc_messages, - session_env); + { + err = send_pinentry_environment (ctx, errsource, + opt_lc_ctype, opt_lc_messages, + session_env); + if (gpg_err_code (err) == GPG_ERR_FORBIDDEN + && gpg_err_source (err) == GPG_ERR_SOURCE_GPGAGENT) + { + /* Check whether we are in restricted mode. */ + if (!assuan_transact (ctx, "GETINFO restricted", + NULL, NULL, NULL, NULL, NULL, NULL)) + { + if (verbose) + log_info (_("connection to agent is in restricted mode\n")); + err = 0; + } + } + } if (err) { assuan_release (ctx); diff --git a/common/util.h b/common/util.h index dd5fdb1..a6f8606 100644 --- a/common/util.h +++ b/common/util.h @@ -35,6 +35,12 @@ #include /* We need errno. */ #include /* We need gpg_error_t and estream. */ +/* These error codes are used but not defined in the required + libgpg-error version. Define them here. */ +#if GPG_ERROR_VERSION_NUMBER < 0x011200 /* 1.18 */ +# define GPG_ERR_FORBIDDEN 251 +#endif + /* Hash function used with libksba. */ #define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write) diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index a4079d7..7523043 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi 
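Review bot: The branch in start_new_gpg_agent that clears `GPG_ERR_FORBIDDEN` does not say what the caller ends up with, and the only trace is a log line printed under `verbose`. After this path the pinentry settings from `opt_lc_ctype`, `opt_lc_messages` and `session_env` have not been accepted by the agent, so any prompt presumably uses the agent side's own environment. I would expand the comment to state that, for example `/* A restricted agent refuses the pinentry options; prompts then use the agent's own environment, which is not an error for the client. */`. The function starts and continues outside the hunk.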
@@ -532,6 +532,19 @@ Ignore requests to change the current @code{tty} or X window system's @code{DISPLAY} variable respectively. This is useful to lock the pinentry to pop up at the @code{tty} or display you started the agent. + + at anchor{option --extra-socket} + at item --extra-socket @var{name} + at opindex extra-socket +Also listen on native gpg-agent connections on the given socket. The +intended use for this extra socket is to setup a Unix domain socket +forwarding from a remote machine to this socket on the local machine. +A @command{gpg} running on the remote machine may then connect to the +local gpg-agent and use its private keys. This allows to decrypt or +sign data on a remote machine without exposing the private keys to the +remote machine. + + @anchor{option --enable-ssh-support} @item --enable-ssh-support @opindex enable-ssh-support commit ccee34736b57a42ec4bdcb0d3181bdc6a08b0fff Author: ???????? ??????? Date: Thu Nov 27 17:28:00 2014 +0100 agent: Make auditing of the option list easier. * agent/gpg-agent.c (opts): Use ARGPARSE_ macros. diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 5960fe3..23d6ee2 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c 
@@ -131,83 +131,91 @@ enum cmd_and_opt_values static ARGPARSE_OPTS opts[] = { - { aGPGConfList, "gpgconf-list", 256, "@" }, - { aGPGConfTest, "gpgconf-test", 256, "@" }, - { aUseStandardSocketP, "use-standard-socket-p", 256, "@" }, - - { 301, NULL, 0, N_("@Options:\n ") }, - - { oDaemon, "daemon", 0, N_("run in daemon mode (background)") }, - { oServer, "server", 0, N_("run in server mode (foreground)") }, - { oVerbose, "verbose", 0, N_("verbose") }, - { oQuiet, "quiet", 0, N_("be somewhat more quiet") }, - { oSh, "sh", 0, N_("sh-style command output") }, - { oCsh, "csh", 0, N_("csh-style command output") }, - { oOptions, "options" , 2, N_("|FILE|read options from FILE")}, - { oDebug, "debug" ,4|16, "@"}, - { oDebugAll, "debug-all" ,0, "@"}, - { oDebugLevel, "debug-level" ,2, "@"}, - { oDebugWait,"debug-wait",1, "@"}, + ARGPARSE_c (aGPGConfList, "gpgconf-list", "@"), + ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@"), + ARGPARSE_c (aUseStandardSocketP, "use-standard-socket-p", "@"), + + ARGPARSE_group (301, N_("@Options:\n ")), + + ARGPARSE_s_n (oDaemon, "daemon", N_("run in daemon mode (background)")), + ARGPARSE_s_n (oServer, "server", N_("run in server mode (foreground)")), + ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")), + ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")), + ARGPARSE_s_n (oSh, "sh", N_("sh-style command output")), + ARGPARSE_s_n (oCsh, "csh", N_("csh-style command output")), + ARGPARSE_s_s (oOptions, "options", N_("|FILE|read options from FILE")), + + ARGPARSE_s_u (oDebug, "debug", "@"), + ARGPARSE_s_n (oDebugAll, "debug-all", "@"), + ARGPARSE_s_s (oDebugLevel, "debug-level", "@"), + ARGPARSE_s_i (oDebugWait," debug-wait", "@"), ARGPARSE_s_n (oDebugQuickRandom, "debug-quick-random", "@"), - { oNoDetach, "no-detach" ,0, N_("do not detach from the console")}, - { oNoGrab, "no-grab" ,0, N_("do not grab keyboard and mouse")}, - { oLogFile, "log-file" ,2, N_("use a log file for the server")}, - { oUseStandardSocket, 
"use-standard-socket", 0, "@"}, /* dummy */ - { oNoUseStandardSocket, "no-use-standard-socket", 0, "@"}, /* dummy */ - { oPinentryProgram, "pinentry-program", 2 , - N_("|PGM|use PGM as the PIN-Entry program") }, - { oPinentryTouchFile, "pinentry-touch-file", 2 , "@" }, - { oScdaemonProgram, "scdaemon-program", 2 , - N_("|PGM|use PGM as the SCdaemon program") }, - { oDisableScdaemon, "disable-scdaemon", 0, N_("do not use the SCdaemon") }, - { oDisableCheckOwnSocket, "disable-check-own-socket", 0, "@" }, - { oFakedSystemTime, "faked-system-time", 2, "@" }, /* (epoch time) */ - - { oBatch, "batch", 0, "@" }, - { oHomedir, "homedir", 2, "@"}, - - { oDisplay, "display", 2, "@" }, - { oTTYname, "ttyname", 2, "@" }, - { oTTYtype, "ttytype", 2, "@" }, - { oLCctype, "lc-ctype", 2, "@" }, - { oLCmessages, "lc-messages", 2, "@" }, - { oXauthority, "xauthority", 2, "@" }, - { oKeepTTY, "keep-tty", 0, N_("ignore requests to change the TTY")}, - { oKeepDISPLAY, "keep-display", - 0, N_("ignore requests to change the X display")}, - - { oDefCacheTTL, "default-cache-ttl", 4, - N_("|N|expire cached PINs after N seconds")}, - { oDefCacheTTLSSH, "default-cache-ttl-ssh", 4, "@" }, - { oMaxCacheTTL, "max-cache-ttl", 4, "@" }, - { oMaxCacheTTLSSH, "max-cache-ttl-ssh", 4, "@" }, - - { oEnforcePassphraseConstraints, "enforce-passphrase-constraints", 0, "@"}, - { oMinPassphraseLen, "min-passphrase-len", 4, "@" }, - { oMinPassphraseNonalpha, "min-passphrase-nonalpha", 4, "@" }, - { oCheckPassphrasePattern, "check-passphrase-pattern", 2, "@" }, - { oMaxPassphraseDays, "max-passphrase-days", 4, "@" }, - { oEnablePassphraseHistory, "enable-passphrase-history", 0, "@" }, - - { oIgnoreCacheForSigning, "ignore-cache-for-signing", 0, - N_("do not use the PIN cache when signing")}, - { oNoAllowMarkTrusted, "no-allow-mark-trusted", 0, - N_("disallow clients to mark keys as \"trusted\"")}, - { oAllowMarkTrusted, "allow-mark-trusted", 0, "@"}, - { oAllowPresetPassphrase, "allow-preset-passphrase", 0, - 
N_("allow presetting passphrase")}, - { oAllowLoopbackPinentry, "allow-loopback-pinentry", 0, - N_("allow presetting passphrase")}, - { oSSHSupport, "enable-ssh-support", 0, N_("enable ssh support") }, - { oPuttySupport, "enable-putty-support", 0, + + ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")), + ARGPARSE_s_n (oNoGrab, "no-grab", N_("do not grab keyboard and mouse")), + ARGPARSE_s_s (oLogFile, "log-file", N_("use a log file for the server")), + ARGPARSE_s_s (oPinentryProgram, "pinentry-program", + /* */ N_("|PGM|use PGM as the PIN-Entry program")), + ARGPARSE_s_s (oPinentryTouchFile, "pinentry-touch-file", "@"), + ARGPARSE_s_s (oScdaemonProgram, "scdaemon-program", + /* */ N_("|PGM|use PGM as the SCdaemon program") ), + ARGPARSE_s_n (oDisableScdaemon, "disable-scdaemon", + /* */ N_("do not use the SCdaemon") ), + ARGPARSE_s_n (oDisableCheckOwnSocket, "disable-check-own-socket", "@"), + ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"), + + ARGPARSE_s_n (oBatch, "batch", "@"), + ARGPARSE_s_s (oHomedir, "homedir", "@"), + + ARGPARSE_s_s (oDisplay, "display", "@"), + ARGPARSE_s_s (oTTYname, "ttyname", "@"), + ARGPARSE_s_s (oTTYtype, "ttytype", "@"), + ARGPARSE_s_s (oLCctype, "lc-ctype", "@"), + ARGPARSE_s_s (oLCmessages, "lc-messages", "@"), + ARGPARSE_s_s (oXauthority, "xauthority", "@"), + ARGPARSE_s_n (oKeepTTY, "keep-tty", + /* */ N_("ignore requests to change the TTY")), + ARGPARSE_s_n (oKeepDISPLAY, "keep-display", + /* */ N_("ignore requests to change the X display")), + + ARGPARSE_s_u (oDefCacheTTL, "default-cache-ttl", + N_("|N|expire cached PINs after N seconds")), + ARGPARSE_s_u (oDefCacheTTLSSH, "default-cache-ttl-ssh", "@" ), + ARGPARSE_s_u (oMaxCacheTTL, "max-cache-ttl", "@" ), + ARGPARSE_s_u (oMaxCacheTTLSSH, "max-cache-ttl-ssh", "@" ), + + ARGPARSE_s_n (oEnforcePassphraseConstraints, "enforce-passphrase-constraints", + /* */ "@"), + ARGPARSE_s_u (oMinPassphraseLen, "min-passphrase-len", "@"), + ARGPARSE_s_u 
(oMinPassphraseNonalpha, "min-passphrase-nonalpha", "@"), + ARGPARSE_s_s (oCheckPassphrasePattern, "check-passphrase-pattern", "@"), + ARGPARSE_s_u (oMaxPassphraseDays, "max-passphrase-days", "@"), + ARGPARSE_s_n (oEnablePassphraseHistory, "enable-passphrase-history", "@"), + + ARGPARSE_s_n (oIgnoreCacheForSigning, "ignore-cache-for-signing", + /* */ N_("do not use the PIN cache when signing")), + ARGPARSE_s_n (oNoAllowMarkTrusted, "no-allow-mark-trusted", + /* */ N_("disallow clients to mark keys as \"trusted\"")), + ARGPARSE_s_n (oAllowMarkTrusted, "allow-mark-trusted", "@"), + ARGPARSE_s_n (oAllowPresetPassphrase, "allow-preset-passphrase", + /* */ N_("allow presetting passphrase")), + ARGPARSE_s_n (oAllowLoopbackPinentry, "allow-loopback-pinentry", + N_("allow presetting passphrase")), + ARGPARSE_s_n (oSSHSupport, "enable-ssh-support", N_("enable ssh support")), + ARGPARSE_s_n (oPuttySupport, "enable-putty-support", #ifdef HAVE_W32_SYSTEM - N_("enable putty support") + /* */ N_("enable putty support") #else - "@" + /* */ "@" #endif - }, - { oWriteEnvFile, "write-env-file", 2|8, "@" }, /* dummy */ - {0} + ), + + /* Dummy options for backward compatibility. */ + ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"), + ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"), + ARGPARSE_s_n (oNoUseStandardSocket, "no-use-standard-socket", "@"), + + {0} /* End of list */ }; commit 68a7ccc0c870cce6ab9fefb1aa6fd100e1de129b Author: Kristian Fiskerstrand Date: Tue Nov 25 19:24:18 2014 +0100 dirmngr: Only report hkps scheme when available * dirmngr/ks-engine-hkp.c (ks_hkp_help): Make use of TLS macros. -- Only report support for the hkps scheme when GnuPG / dirmngr has been built with a TLS library. This helps debuging and enable the user to detect whether support for hkps is included by doing a `gpg-connect-agent --dirmngr 'keyserver --help' /bye`. Currently hkps will be listed as a supported scheme but trying to add a keyserver using it will silently fail. 
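Review bot: The converted entry `ARGPARSE_s_i (oDebugWait," debug-wait", "@")` has a leading space inside the long-option string, where the removed entry had `"debug-wait"`. As written the name would not be matched by `--debug-wait`, so it should read `ARGPARSE_s_i (oDebugWait, "debug-wait", "@"),`. The `debug` entry also seems to change meaning: the old flags were `4|16` and `ARGPARSE_s_u` appears to carry only the type, so if the 16 bit is the prefix flag, `ARGPARSE_p_u (oDebug, "debug", "@")` would preserve it. Since the stated purpose is to make the list easier to audit, `allow-loopback-pinentry` still carries the help text "allow presetting passphrase" copied from the entry above it, which is worth correcting in the same pass.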
As a digression, https is never listed as a valid scheme. diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index 12b1778..83e878a 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c @@ -767,12 +767,20 @@ ks_hkp_help (ctrl_t ctrl, parsed_uri_t uri) const char const data[] = "Handler for HKP URLs:\n" " hkp://\n" +#if HTTP_USE_GNUTLS || HTTP_USE_NTBTLS " hkps://\n" +#endif "Supported methods: search, get, put\n"; gpg_error_t err; +#if HTTP_USE_GNUTLS || HTTP_USE_NTBTLS + const char data2[] = " hkp\n hkps"; +#else + const char data2[] = " hkp"; +#endif + if (!uri) - err = ks_print_help (ctrl, " hkp\n hkps"); + err = ks_print_help (ctrl, data2); else if (uri->is_http && (!strcmp (uri->scheme, "hkp") || !strcmp (uri->scheme, "hkps"))) err = ks_print_help (ctrl, data); ----------------------------------------------------------------------- Summary of changes: agent/agent.h | 8 + agent/command.c | 180 ++++++++++++++++------ agent/gpg-agent.c | 384 ++++++++++++++++++++++++++--------------------- common/asshelp.c | 20 ++- common/util.h | 6 + dirmngr/ks-engine-hkp.c | 10 +- doc/gpg-agent.texi | 13 ++ 7 files changed, 402 insertions(+), 219 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 28 09:44:07 2014 
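Review bot: The scheme test below the new `data2` still accepts `hkps` unconditionally (`!strcmp (uri->scheme, "hkps")`). In a build without `HTTP_USE_GNUTLS` or `HTTP_USE_NTBTLS`, an hkps URI is therefore answered with the HKP handler text that no longer lists hkps. Putting that comparison under the same `#if` would make the help output agree with what the build can do. What the remaining branches of ks_hkp_help return for an unhandled scheme is outside the hunk, so this needs checking against the full function. The same preprocessor condition now appears twice in the function, and one local macro for it would keep the two lists from drifting apart.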
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 28 Nov 2014 09:44:07 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-49-g7aee357 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 7aee3579be6e24a1aa280e75615fc3a11ceef960 (commit) from f173cdcdfbfd083b035516a406c2c754f38a0ace (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7aee3579be6e24a1aa280e75615fc3a11ceef960 Author: Werner Koch Date: Fri Nov 28 09:44:19 2014 +0100 Add option --no-autostart. * g10/gpg.c: Add option --no-autostart. * sm/gpgsm.c: Ditto. * g10/options.h (opt): Add field autostart. * sm/gpgsm.h (opt): Ditto. * g10/call-agent.c (start_agent): Print note if agent was not autostarted. * sm/call-agent.c (start_agent): Ditto. * g10/call-dirmngr.c (create_context): Likewise. * sm/call-dirmngr.c (start_dirmngr_ext): Ditto. Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index 634b4e2..71ffaf8 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1735,6 +1735,14 @@ fallback when the environment variable @code{DIRMNGR_INFO} is not set or a running dirmngr cannot be connected. @end ifset + at item --no-autostart + at opindex no-autostart +Do not start the gpg-agent or the dirmngr if it has not yet been +started and its service is required. This option is mostly useful on +machines where the connection to gpg-agent has been redirected to +another machines. If dirmngr is required on the remote machine, it +may be started manually using @command{gpgconf --launch dirmngr}. + @item --lock-once @opindex lock-once Lock the databases the first time a lock is requested 
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index 2ddedcd..dcfe292 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -384,6 +384,14 @@ always used. @item --disable-dirmngr Entirely disable the use of the Dirmngr. + at item --no-autostart + at opindex no-autostart +Do not start the gpg-agent or the dirmngr if it has not yet been +started and its service is required. This option is mostly useful on +machines where the connection to gpg-agent has been redirected to +another machines. If dirmngr is required on the remote machine, it +may be started manually using @command{gpgconf --launch dirmngr}. + @item --no-secmem-warning @opindex no-secmem-warning Do not print a warning when the so called "secure memory" cannot be used. diff --git a/doc/tools.texi b/doc/tools.texi index d556b6d..0de214b 100644 --- a/doc/tools.texi +++ b/doc/tools.texi @@ -1241,6 +1241,11 @@ When using @option{-S} or @option{--exec}, @command{gpg-connect-agent} connects to the assuan server in extended mode to allow descriptor passing. This option makes it use the old mode. + at item --no-autostart + at opindex no-autostart +Do not start the gpg-agent or the dirmngr if it has not yet been +started. + @item --run @var{file} @opindex run Run the commands from @var{file} at startup and then continue with the diff --git a/g10/call-agent.c b/g10/call-agent.c index 74d8cec..f5c943d 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -285,9 +285,19 @@ start_agent (ctrl_t ctrl, int for_card) opt.agent_program, opt.lc_ctype, opt.lc_messages, opt.session_env, - 1, opt.verbose, DBG_ASSUAN, + opt.autostart, opt.verbose, DBG_ASSUAN, NULL, NULL); - if (!rc) + if (!opt.autostart && gpg_err_code (rc) == GPG_ERR_NO_AGENT) + { + static int shown; + + if (!shown) + { + shown = 1; + log_info (_("no gpg-agent running in this session\n")); + } + } + else if (!rc) { /* Tell the agent that we support Pinentry notifications. No error checking so that it will work also with older 
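Review bot: The print-once block added in start_agent after the call whose autostart argument changes from `1` to `opt.autostart` (`static int shown; if (!shown) { shown = 1; log_info (...); }`) is repeated in g10/call-dirmngr.c, sm/call-agent.c and sm/call-dirmngr.c, differing only in the error code and the message. A small shared helper would keep the four copies from diverging. The sm/call-dirmngr.c copy already has a different shape, a plain `if` where the others are an `if`/`else if` chain. A comment such as `/* Print the hint only once per process. */` above `static int shown;` would also help. start_agent begins and ends outside the hunk.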
diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c index 7150853..b802f81 100644 --- a/g10/call-dirmngr.c +++ b/g10/call-dirmngr.c @@ -130,9 +130,19 @@ create_context (ctrl_t ctrl, assuan_context_t *r_ctx) GPG_ERR_SOURCE_DEFAULT, opt.homedir, opt.dirmngr_program, - 1, opt.verbose, DBG_ASSUAN, + opt.autostart, opt.verbose, DBG_ASSUAN, NULL /*gpg_status2*/, ctrl); - if (!err) + if (!opt.autostart && gpg_err_code (err) == GPG_ERR_NO_DIRMNGR) + { + static int shown; + + if (!shown) + { + shown = 1; + log_info (_("no dirmngr running in this session\n")); + } + } + else if (!err) { keyserver_spec_t ksi; diff --git a/g10/gpg.c b/g10/gpg.c index a2225a0..6e6407a 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -379,6 +379,7 @@ enum cmd_and_opt_values oNoAllowMultipleMessages, oAllowWeakDigestAlgos, oFakedSystemTime, + oNoAutostart, oNoop }; @@ -786,6 +787,7 @@ static ARGPARSE_OPTS opts[] = { /* New options. Fixme: Should go more to the top. */ ARGPARSE_s_s (oAutoKeyLocate, "auto-key-locate", "@"), ARGPARSE_s_n (oNoAutoKeyLocate, "no-auto-key-locate", "@"), + ARGPARSE_s_n (oNoAutostart, "no-autostart", "@"), /* Dummy options with warnings. */ ARGPARSE_s_n (oUseAgent, "use-agent", "@"), @@ -2080,6 +2082,7 @@ main (int argc, char **argv) dotlock_create (NULL, 0); /* Register lock file cleanup. */ + opt.autostart = 1; opt.session_env = session_env_new (); if (!opt.session_env) log_fatal ("error allocating session environment block: %s\n", @@ -3131,6 +3134,8 @@ main (int argc, char **argv) } break; + case oNoAutostart: opt.autostart = 0; break; + case oNoop: break; default: diff --git a/g10/options.h b/g10/options.h index 6a94ff4..7ec81af 100644 --- a/g10/options.h +++ b/g10/options.h @@ -53,6 +53,7 @@ struct estream_t outfp; /* Hack, sometimes used in place of outfile. */ off_t max_output; int dry_run; + int autostart; int list_only; int textmode; int expert; diff --git a/sm/call-agent.c b/sm/call-agent.c index 59b1509..f579200 100644 --- a/sm/call-agent.c +++ b/sm/call-agent.c 
@@ -95,10 +95,20 @@ start_agent (ctrl_t ctrl) opt.agent_program, opt.lc_ctype, opt.lc_messages, opt.session_env, - 1, opt.verbose, DBG_ASSUAN, + opt.autostart, opt.verbose, DBG_ASSUAN, gpgsm_status2, ctrl); - if (!rc) + if (!opt.autostart && gpg_err_code (rc) == GPG_ERR_NO_AGENT) + { + static int shown; + + if (!shown) + { + shown = 1; + log_info (_("no gpg-agent running in this session\n")); + } + } + else if (!rc) { /* Tell the agent that we support Pinentry notifications. No error checking so that it will work also with older diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c index 4dc8425..f8cfdf8 100644 --- a/sm/call-dirmngr.c +++ b/sm/call-dirmngr.c @@ -209,8 +209,18 @@ start_dirmngr_ext (ctrl_t ctrl, assuan_context_t *ctx_r) err = start_new_dirmngr (&ctx, GPG_ERR_SOURCE_DEFAULT, opt.homedir, opt.dirmngr_program, - 1, opt.verbose, DBG_ASSUAN, + opt.autostart, opt.verbose, DBG_ASSUAN, gpgsm_status2, ctrl); + if (!opt.autostart && gpg_err_code (err) == GPG_ERR_NO_DIRMNGR) + { + static int shown; + + if (!shown) + { + shown = 1; + log_info (_("no dirmngr running in this session\n")); + } + } prepare_dirmngr (ctrl, ctx, err); if (err) return err; diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 03b9bb9..3398d17 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -183,7 +183,8 @@ enum cmd_and_opt_values { oIgnoreTimeConflict, oNoRandomSeedFile, oNoCommonCertsImport, - oIgnoreCertExtension + oIgnoreCertExtension, + oNoAutostart }; @@ -391,6 +392,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oNoRandomSeedFile, "no-random-seed-file", "@"), ARGPARSE_s_n (oNoCommonCertsImport, "no-common-certs-import", "@"), ARGPARSE_s_s (oIgnoreCertExtension, "ignore-cert-extension", "@"), + ARGPARSE_s_n (oNoAutostart, "no-autostart", "@"), /* Command aliases. */ ARGPARSE_c (aListKeys, "list-key", "@"), 
@@ -940,6 +942,7 @@ main ( int argc, char **argv) dotlock_create (NULL, 0); /* Register lockfile cleanup. */ + opt.autostart = 1; opt.session_env = session_env_new (); if (!opt.session_env) log_fatal ("error allocating session environment block: %s\n", @@ -1417,6 +1420,8 @@ main ( int argc, char **argv) add_to_strlist (&opt.ignored_cert_extensions, pargs.r.ret_str); break; + case oNoAutostart: opt.autostart = 0; break; + default: pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR; break; diff --git a/sm/gpgsm.h b/sm/gpgsm.h index e8322b7..63c9d0b 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -69,6 +69,7 @@ struct char *lc_ctype; char *lc_messages; + int autostart; const char *dirmngr_program; int disable_dirmngr; /* Do not do any dirmngr calls. */ const char *protect_tool_program; ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 8 ++++++++ doc/gpgsm.texi | 8 ++++++++ doc/tools.texi | 5 +++++ g10/call-agent.c | 14 ++++++++++++-- g10/call-dirmngr.c | 14 ++++++++++++-- g10/gpg.c | 5 +++++ g10/options.h | 1 + sm/call-agent.c | 14 ++++++++++++-- sm/call-dirmngr.c | 12 +++++++++++- sm/gpgsm.c | 7 ++++++- sm/gpgsm.h | 1 + 11 files changed, 81 insertions(+), 8 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 28 12:21:03 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 28 Nov 2014 12:21:03 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-50-ge59b1cc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e59b1cc7471dd161a627b290c645ef7bd0d9d42c (commit) from 7aee3579be6e24a1aa280e75615fc3a11ceef960 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e59b1cc7471dd161a627b290c645ef7bd0d9d42c Author: Werner Koch Date: Fri Nov 28 12:20:42 2014 +0100 gpg: Change another BUG() call to a regular error message. * g10/mainproc.c (proc_tree): Replace BUG by a proper error messages. Signed-off-by: Werner Koch diff --git a/g10/mainproc.c b/g10/mainproc.c index d908d57..03a13c5 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -2123,8 +2123,9 @@ proc_tree (CTX c, kbnode_t node) free_md_filter_context (&c->mfx); /* Prepare to create all requested message digests. */ - if (gcry_md_open (&c->mfx.md, 0, 0)) - BUG (); + rc = gcry_md_open (&c->mfx.md, 0, 0); + if (rc) + goto hash_err; /* Fixme: why looking for the signature packet and not the one-pass packet? */ @@ -2154,6 +2155,7 @@ proc_tree (CTX c, kbnode_t node) use_textmode); } + hash_err: if (rc) { log_error ("can't hash datafile: %s\n", g10_errstr (rc)); @@ -2225,8 +2227,9 @@ proc_tree (CTX c, kbnode_t node) { /* Detached signature */ free_md_filter_context (&c->mfx); - if (gcry_md_open (&c->mfx.md, sig->digest_algo, 0)) - BUG (); + rc = gcry_md_open (&c->mfx.md, sig->digest_algo, 0); + if (rc) + goto detached_hash_err; if (RFC2440 || RFC4880) ; /* Strict RFC mode. */ 
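Review bot: A failed `gcry_md_open` in proc_tree now jumps to `hash_err:` (and to `detached_hash_err:` in the two later hunks) and is reported as "can't hash datafile", which names the wrong operation for anyone reading the log. Because this is the signature-verification path, what matters is that the `if (rc)` branch under each label leaves the function before any signature is checked against an unopened digest context; that code is outside the hunks and should be confirmed. In the detached case the second open (`c->mfx.md2`) can fail after `c->mfx.md` was opened, so it is worth checking whether the error branch releases the first context. If a separate message is wanted, `log_error ("can't open message digest: %s\n", g10_errstr (rc));` before each `goto` would do.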
@@ -2236,8 +2239,9 @@ proc_tree (CTX c, kbnode_t node) { /* Enable a workaround for a pgp5 bug when the detached * signature has been created in textmode. */ - if (gcry_md_open (&c->mfx.md2, sig->digest_algo, 0 )) - BUG (); + rc = gcry_md_open (&c->mfx.md2, sig->digest_algo, 0); + if (rc) + goto detached_hash_err; } /* Here we used to have another hack to work around a pgp @@ -2276,6 +2280,7 @@ proc_tree (CTX c, kbnode_t node) (sig->sig_class == 0x01)); } + detached_hash_err: if (rc) { log_error ("can't hash datafile: %s\n", g10_errstr(rc)); ----------------------------------------------------------------------- Summary of changes: g10/mainproc.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 28 16:40:49 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 28 Nov 2014 16:40:49 +0100 Subject: [git] Assuan - branch, master, updated. libassuan-2.1.2-5-g1f99031 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 1f99031cb55e88840d98dd71381b2bc2618406fc (commit) from 2f040c0b7bcfdddf5e3597fbcdae9cc04fafe653 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1f99031cb55e88840d98dd71381b2bc2618406fc Author: Werner Koch Date: Fri Nov 28 16:41:16 2014 +0100 Implement socket file redirection. * configure.ac (AC_CHECK_FUNC): Check for stat. * src/assuan-socket.c (SUN_LEN): Add. (eval_redirection): New. (_assuan_sock_connect) [!W32]: Implement socket file redirection. (_assuan_sock_set_sockaddr_un): New. (assuan_sock_set_sockaddr_un): New. -- This feature is useful to allow sockets with standard names even on file system which do not supports socket and to help with shared home directories. For example to use GnuPG 2.1 with shared home directories one will be abale to do: rm ~/.gnupg/S.gpg-agent || true printf "%%Assuan%%\nsocket=${HOME}/.gnupg/S.gpg-agent_${HOSTNAME}\n" \ > ~/.gnupg/S.gpg-agent Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 326196d..a2611db 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,11 @@ Noteworthy changes in version 2.1.4 (unreleased) [C4/A4/R_] ------------------------------------------------ + * Interface changes relative to the 2.1.3 release: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + assuan_sock_set_sockaddr_un NEW. + + Noteworthy changes in version 2.1.3 (2014-11-07) [C4/A4/R3] ------------------------------------------------ 
diff --git a/configure.ac b/configure.ac index d03fd58..2f09e98 100644 --- a/configure.ac +++ b/configure.ac @@ -346,7 +346,7 @@ AM_PATH_GPG_ERROR(1.8,, AC_MSG_ERROR([libgpg-error was not found])) # # Checks for library functions. # -AC_CHECK_FUNCS([flockfile funlockfile inet_pton]) +AC_CHECK_FUNCS([flockfile funlockfile inet_pton stat]) # On some systems (e.g. Solaris) nanosleep requires linking to librl. # Given that we use nanosleep only as an optimization over a select diff --git a/doc/assuan.texi b/doc/assuan.texi index ddac37a..b932be0 100644 --- a/doc/assuan.texi +++ b/doc/assuan.texi @@ -1935,7 +1935,10 @@ Wrapper around socket. Wrapper around connect. For Unix domain sockets under Windows this function also does a write immediately after the the connect to send the -nonce as read from the socket's file. +nonce as read from the socket's file. Under Unix this function check +whether the socket file is a redirection file and connects to the +redirected socket instead; see @code{assuan_sock_set_sockaddr_un} for +details on the redirection file format. @end deftypefun 
@@ -1948,6 +1951,38 @@ Wrapper around bind. Under Windows this creates a file and writes the port number and a random nonce to this file. @end deftypefun + at deftypefun int assuan_sock_set_sockaddr_un ( @ + @w{const char *@var{fname}}, @ + @w{struct sockaddr *@var{addr}}, @ + @w{int *@var{r_redirected}}) + +This is a helper function to initialize the Unix socket domain address +structure @var{addr} and store the file name @var{fname} there. If + at var{r_redirected} is not NULL the function checks whether @var{fname} +already exists, is a regular file, and not a socket. In that case + at var{fname} is read to see whether this is a redirection to a socket +file. If that is the case 1 is stored at @var{r_redirected}. If the +file does not look like a redirection file 0 will be stored there and + at var{fname} will be used in the regular way. + +The format of a redirection file is + + at example +%Assuan% +socket=@var{name} + at end example + +With @var{name} being is the actual socket to use. No white spaces +are allowed, both lines must be terminated by a single linefeed, and +extra lines are not allowed. Environment variables are interpreted in + at var{name} if given in @code{$@{VAR@}} notation. No escape characters +are defined; if the string @code{$@{} shall be used in file name, an +environment variable with that content may be used. The length of the +redirection file is limited to 511 bytes which is more than sufficient +for any known implementation of Unix domain sockets. + at end deftypefun + + @deftypefun int assuan_sock_get_nonce ( @ @w{struct sockaddr *@var{addr}}, @ @w{int @var{addrlen}}, @ diff --git a/src/assuan-defs.h b/src/assuan-defs.h index 364510f..3dec3df 100644 --- a/src/assuan-defs.h +++ b/src/assuan-defs.h 
@@ -346,6 +346,8 @@ int _assuan_sock_connect (assuan_context_t ctx, assuan_fd_t sockfd, struct sockaddr *addr, int addrlen); int _assuan_sock_bind (assuan_context_t ctx, assuan_fd_t sockfd, struct sockaddr *addr, int addrlen); +int _assuan_sock_set_sockaddr_un (const char *fname, struct sockaddr *addr, + int *r_redirected); int _assuan_sock_get_nonce (assuan_context_t ctx, struct sockaddr *addr, int addrlen, assuan_sock_nonce_t *nonce); int _assuan_sock_check_nonce (assuan_context_t ctx, assuan_fd_t fd, diff --git a/src/assuan-socket.c b/src/assuan-socket.c index 7eba6b4..c8af51b 100644 --- a/src/assuan-socket.c +++ b/src/assuan-socket.c @@ -69,6 +69,15 @@ #endif #endif +#ifndef ENAMETOOLONG +# define ENAMETOOLONG EINVAL +#endif + +#ifndef SUN_LEN +# define SUN_LEN(ptr) ((size_t) (((struct sockaddr_un *) 0)->sun_path) \ + + strlen ((ptr)->sun_path)) +#endif + #ifdef HAVE_W32_SYSTEM @@ -88,7 +97,7 @@ utf8_to_wchar (const char *string) return NULL; nbytes = (size_t)(n+1) * sizeof(*result); - if (nbytes / sizeof(*result) != (n+1)) + if (nbytes / sizeof(*result) != (n+1)) { SetLastError (ERROR_INVALID_PARAMETER); return NULL; @@ -173,15 +182,15 @@ _assuan_sock_wsa2errno (int err) /* W32: Fill BUFFER with LENGTH bytes of random. Returns -1 on failure, 0 on success. Sets errno on failure. */ static int -get_nonce (char *buffer, size_t nbytes) +get_nonce (char *buffer, size_t nbytes) { HCRYPTPROV prov; int ret = -1; - if (!CryptAcquireContext (&prov, NULL, NULL, PROV_RSA_FULL, + if (!CryptAcquireContext (&prov, NULL, NULL, PROV_RSA_FULL, (CRYPT_VERIFYCONTEXT|CRYPT_SILENT)) ) gpg_err_set_errno (ENODEV); - else + else { if (!CryptGenRandom (prov, nbytes, (unsigned char *) buffer)) gpg_err_set_errno (ENODEV); 
@@ -235,9 +244,114 @@ read_port_and_nonce (const char *fname, unsigned short *port, char *nonce) #endif /*HAVE_W32_SYSTEM*/ +#ifndef HAVE_W32_SYSTEM +/* Find a redirected socket name for fname and return a malloced setup + filled sockaddr. If this does not work out NULL is returned and + ERRNO is set. If the file seems to be a redirect True is stored at + R_REDIRECT. Note that this function uses the standard malloc and + not the assuan wrapped one. The format of the file is: + + %Assuan% + socket=NAME + + where NAME is the actual socket to use. No white spaces are + allowed, both lines must be terminated by a single LF, extra lines + are not allowed. Environment variables are interpreted in NAME if + given in "${VAR} notation; no escape characters are defined, if + "${" shall be used verbatim, you need to use an environment + variable with that content. + + The use of an absolute NAME is strongly suggested. The length of + the file is limited to 511 bytes which is more than sufficient for + that common value of 107 for sun_path. 
*/ +static struct sockaddr_un * +eval_redirection (const char *fname, int *r_redirect) +{ + FILE *fp; + char buffer[512], *name; + size_t n; + struct sockaddr_un *addr; + char *p, *pend; + const char *s; + + *r_redirect = 0; + + fp = fopen (fname, "rb"); + if (!fp) + return NULL; + n = fread (buffer, 1, sizeof buffer - 1, fp); + fclose (fp); + if (!n) + { + gpg_err_set_errno (ENOENT); + return NULL; + } + buffer[n] = 0; + if (n < 17 || buffer[n-1] != '\n' + || memcmp (buffer, "%Assuan%\nsocket=", 16)) + { + gpg_err_set_errno (EINVAL); + return NULL; + } + buffer[n-1] = 0; + name = buffer + 16; + + *r_redirect = 1; + + addr = calloc (1, sizeof *addr); + if (!addr) + return NULL; + addr->sun_family = AF_LOCAL; + + n = 0; + for (p=name; *p; p++) + { + if (*p == '$' && p[1] == '{') + { + p += 2; + pend = strchr (p, '}'); + if (!pend) + { + free (addr); + gpg_err_set_errno (EINVAL); + return NULL; + } + *pend = 0; + if (*p && (s = getenv (p))) + { + for (; *s; s++) + { + if (n < sizeof addr->sun_path - 1) + addr->sun_path[n++] = *s; + else + { + free (addr); + gpg_err_set_errno (ENAMETOOLONG); + return NULL; + } + } + } + p = pend; + } + else if (n < sizeof addr->sun_path - 1) + addr->sun_path[n++] = *p; + else + { + free (addr); + gpg_err_set_errno (ENAMETOOLONG); + return NULL; + } + } + + return addr; +} +#endif /*!HAVE_W32_SYSTEM*/ + + + /* Return a new socket. Note that under W32 we consider a socket the same as an System Handle; all functions using such a handle know - about this dual use and act accordingly. */ + about this dual use and act accordingly. */ assuan_fd_t _assuan_sock_new (assuan_context_t ctx, int domain, int type, int proto) { 
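Review bot: eval_redirection accepts extra lines although its header comment says they are not allowed: only `buffer[n-1]` is tested for LF, so a line feed inside NAME is copied into `sun_path` like any other byte. A check right after `name = buffer + 16;` would enforce the documented format: `if (strchr (name, '\n')) { gpg_err_set_errno (EINVAL); return NULL; }`. Separately, a `${VAR}` whose variable is unset or empty expands to nothing without an error, so the resulting socket path can differ from what the file's author meant. Returning EINVAL there, or at least documenting the behaviour, would be safer. The comment also has an unbalanced quote in `"${VAR} notation`.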
@@ -265,21 +379,21 @@ _assuan_sock_connect (assuan_context_t ctx, assuan_fd_t sockfd, unsigned short port; char nonce[16]; int ret; - + unaddr = (struct sockaddr_un *)addr; if (read_port_and_nonce (unaddr->sun_path, &port, nonce)) return -1; - + myaddr.sin_family = AF_INET; - myaddr.sin_port = htons (port); + myaddr.sin_port = htons (port); myaddr.sin_addr.s_addr = htonl (INADDR_LOOPBACK); - + /* Set return values. */ unaddr->sun_family = myaddr.sin_family; unaddr->sun_port = myaddr.sin_port; unaddr->sun_addr.s_addr = myaddr.sin_addr.s_addr; - - ret = _assuan_connect (ctx, HANDLE2SOCKET(sockfd), + + ret = _assuan_connect (ctx, HANDLE2SOCKET(sockfd), (struct sockaddr *)&myaddr, sizeof myaddr); if (!ret) { @@ -298,8 +412,40 @@ _assuan_sock_connect (assuan_context_t ctx, assuan_fd_t sockfd, int res; res = _assuan_connect (ctx, HANDLE2SOCKET (sockfd), addr, addrlen); return res; - } + } #else +# if HAVE_STAT + if (addr->sa_family == AF_LOCAL || addr->sa_family == AF_UNIX) + { + struct sockaddr_un *unaddr; + struct stat statbuf; + int redirect, res; + + unaddr = (struct sockaddr_un *)addr; + if (!stat (unaddr->sun_path, &statbuf) + && !S_ISSOCK (statbuf.st_mode) + && S_ISREG (statbuf.st_mode)) + { + /* The given socket file is not a socket but a regular file. + We use the content of that file to redirect to another + socket file. This can be used to use sockets on file + systems which do not support sockets or if for example a + home directory is shared by several machines. */ + unaddr = eval_redirection (unaddr->sun_path, &redirect); + if (unaddr) + { + res = _assuan_connect (ctx, sockfd, (struct sockaddr *)unaddr, + SUN_LEN (unaddr)); + free (unaddr); + return res; + } + if (redirect) + return -1; + /* Continue using the standard connect. */ + } + + } +# endif /*HAVE_STAT*/ return _assuan_connect (ctx, sockfd, addr, addrlen); #endif } 
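Review bot: The redirection test added to _assuan_sock_connect checks the path with `stat()`, and eval_redirection then opens the same path again with `fopen()`, so the file whose type was checked is not necessarily the file whose content is parsed. Opening the file first and applying `fstat()` to that descriptor would tie the `S_ISREG` test to the bytes actually read. The file is also trusted whoever owns it. Whether the directory holding the socket is already required to be private to the user is not visible here, so a comment stating that assumption would help. `!S_ISSOCK (statbuf.st_mode)` is redundant next to `S_ISREG (statbuf.st_mode)`.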
@@ -330,7 +476,7 @@ _assuan_sock_bind (assuan_context_t ctx, assuan_fd_t sockfd, myaddr.sin_family = AF_INET; myaddr.sin_addr.s_addr = htonl (INADDR_LOOPBACK); - filehd = MyCreateFile (unaddr->sun_path, + filehd = MyCreateFile (unaddr->sun_path, GENERIC_WRITE, FILE_SHARE_READ, NULL, @@ -346,7 +492,7 @@ _assuan_sock_bind (assuan_context_t ctx, assuan_fd_t sockfd, rc = bind (HANDLE2SOCKET (sockfd), (struct sockaddr *)&myaddr, len); if (!rc) - rc = getsockname (HANDLE2SOCKET (sockfd), + rc = getsockname (HANDLE2SOCKET (sockfd), (struct sockaddr *)&myaddr, &len); if (rc) { @@ -360,7 +506,7 @@ _assuan_sock_bind (assuan_context_t ctx, assuan_fd_t sockfd, len = strlen (tmpbuf); memcpy (tmpbuf+len, nonce,16); len += 16; - + if (!WriteFile (filehd, tmpbuf, len, &nwritten, NULL)) { CloseHandle (filehd); 
@@ -384,6 +530,69 @@ _assuan_sock_bind (assuan_context_t ctx, assuan_fd_t sockfd, } +/* Setup the ADDR structure for a Unix domain socket with the socket + name FNAME. If this is a redirected socket and R_REDIRECTED is not + NULL, it will be setup for the real socket. Returns 0 on success + and stores 1 at R_REDIRECTED if it is a redirected socket. On + error -1 is returned and ERRNO will be set. */ +int +_assuan_sock_set_sockaddr_un (const char *fname, struct sockaddr *addr, + int *r_redirected) +{ + struct sockaddr_un *unaddr = (struct sockaddr_un *)addr; +#if !defined(HAVE_W32_SYSTEM) && defined(HAVE_STAT) + struct stat statbuf; +#endif + + if (r_redirected) + *r_redirected = 0; + +#if !defined(HAVE_W32_SYSTEM) && defined(HAVE_STAT) + if (r_redirected + && !stat (fname, &statbuf) + && !S_ISSOCK (statbuf.st_mode) + && S_ISREG (statbuf.st_mode)) + { + /* The given socket file is not a socket but a regular file. We + use the content of that file to redirect to another socket + file. This can be used to use sockets on file systems which + do not support sockets or if for example a home directory is + shared by several machines. */ + struct sockaddr_un *unaddr_new; + int redirect; + + unaddr_new = eval_redirection (fname, &redirect); + if (unaddr_new) + { + memcpy (unaddr, unaddr_new, sizeof *unaddr); + free (unaddr_new); + *r_redirected = 1; + return 0; + } + if (redirect) + { + *r_redirected = 1; + return -1; /* Error. */ + } + /* Fallback to standard setup. */ + } +#endif /*!HAVE_W32_SYSTEM && HAVE_STAT*/ + + if (strlen (fname)+1 >= sizeof unaddr->sun_path) + { + gpg_err_set_errno (ENAMETOOLONG); + return -1; + } + + memset (unaddr, 0, sizeof *unaddr); + unaddr->sun_family = AF_LOCAL; + strncpy (unaddr->sun_path, fname, sizeof unaddr->sun_path - 1); + unaddr->sun_path[sizeof unaddr->sun_path - 1] = 0; + + return 0; +} + + int _assuan_sock_get_nonce (assuan_context_t ctx, struct sockaddr *addr, int addrlen, assuan_sock_nonce_t *nonce) 
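Review bot: `_assuan_sock_set_sockaddr_un` writes `sizeof (struct sockaddr_un)` bytes through ADDR, in the `memcpy` of the redirected path and in the `memset` of the standard path, but the parameter is typed `struct sockaddr *` and the header comment does not say how large the buffer must be. A caller that passes the address of a plain `struct sockaddr` would be overrun. I would add to the comment: `ADDR must point to storage of at least sizeof (struct sockaddr_un) bytes.` It is also worth stating there that with R_REDIRECTED == NULL a redirection file is not evaluated and FNAME itself is copied as the socket name.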
@@ -416,8 +625,8 @@ _assuan_sock_get_nonce (assuan_context_t ctx, struct sockaddr *addr, #endif return 0; } - - + + int _assuan_sock_check_nonce (assuan_context_t ctx, assuan_fd_t fd, assuan_sock_nonce_t *nonce) @@ -498,7 +707,7 @@ assuan_sock_init () return 0; err = assuan_new (&sock_ctx); - + #ifdef HAVE_W32_SYSTEM if (! err) WSAStartup (0x202, &wsadat); @@ -521,7 +730,7 @@ assuan_sock_deinit () assuan_release (sock_ctx); sock_ctx = NULL; } - + int assuan_sock_close (assuan_fd_t fd) @@ -529,7 +738,7 @@ assuan_sock_close (assuan_fd_t fd) return _assuan_close (sock_ctx, fd); } -assuan_fd_t +assuan_fd_t assuan_sock_new (int domain, int type, int proto) { return _assuan_sock_new (sock_ctx, domain, type, proto); @@ -548,9 +757,16 @@ assuan_sock_bind (assuan_fd_t sockfd, struct sockaddr *addr, int addrlen) } int -assuan_sock_get_nonce (struct sockaddr *addr, int addrlen, +assuan_sock_set_sockaddr_un (const char *fname, struct sockaddr *addr, + int *r_redirected) +{ + return _assuan_sock_set_sockaddr_un (fname, addr, r_redirected); +} + +int +assuan_sock_get_nonce (struct sockaddr *addr, int addrlen, assuan_sock_nonce_t *nonce) -{ +{ return _assuan_sock_get_nonce (sock_ctx, addr, addrlen, nonce); } diff --git a/src/assuan.h.in b/src/assuan.h.in index d074a9f..f53c26e 100644 --- a/src/assuan.h.in +++ b/src/assuan.h.in @@ -470,6 +470,8 @@ assuan_fd_t assuan_sock_new (int domain, int type, int proto); int assuan_sock_connect (assuan_fd_t sockfd, struct sockaddr *addr, int addrlen); int assuan_sock_bind (assuan_fd_t sockfd, struct sockaddr *addr, int addrlen); +int assuan_sock_set_sockaddr_un (const char *fname, struct sockaddr *addr, + int *r_redirected); int assuan_sock_get_nonce (struct sockaddr *addr, int addrlen, assuan_sock_nonce_t *nonce); int assuan_sock_check_nonce (assuan_fd_t fd, assuan_sock_nonce_t *nonce); diff --git a/src/libassuan.def b/src/libassuan.def index 5636bfc..d9997e3 100644 --- a/src/libassuan.def +++ b/src/libassuan.def 
@@ -111,6 +111,7 @@ EXPORTS __assuan_sendmsg @90 __assuan_waitpid @91 assuan_check_version @92 + assuan_sock_set_sockaddr_un @93 ; END diff --git a/src/libassuan.vers b/src/libassuan.vers index 700c68c..e36c322 100644 --- a/src/libassuan.vers +++ b/src/libassuan.vers @@ -101,6 +101,7 @@ LIBASSUAN_1.0 { assuan_free; assuan_socket_connect_fd; assuan_check_version; + assuan_sock_set_sockaddr_un; __assuan_close; __assuan_pipe; ----------------------------------------------------------------------- Summary of changes: NEWS | 5 + configure.ac | 2 +- doc/assuan.texi | 37 +++++++- src/assuan-defs.h | 2 + src/assuan-socket.c | 260 ++++++++++++++++++++++++++++++++++++++++++++++----- src/assuan.h.in | 2 + src/libassuan.def | 1 + src/libassuan.vers | 1 + 8 files changed, 286 insertions(+), 24 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 28 21:30:36 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 28 Nov 2014 21:30:36 +0100 Subject: [git] Assuan - branch, master, updated. libassuan-2.1.2-6-g0fce017 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 0fce017100c5896cf9dc1fcbd4a39053651c3910 (commit) from 1f99031cb55e88840d98dd71381b2bc2618406fc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0fce017100c5896cf9dc1fcbd4a39053651c3910 Author: Werner Koch Date: Fri Nov 28 21:30:52 2014 +0100 Do not allow LFs in the redirected name. * src/assuan-socket.c (eval_redirection): Stop parsing at the first LF. -- Avoiding LFs in file names is better for logging. 
diff --git a/src/assuan-socket.c b/src/assuan-socket.c index c8af51b..c392e93 100644 --- a/src/assuan-socket.c +++ b/src/assuan-socket.c @@ -287,8 +287,13 @@ eval_redirection (const char *fname, int *r_redirect) return NULL; } buffer[n] = 0; + + /* Check that it is a redirection file. We also check that the + first byte of the name is not a LF because that would lead to an + zero length name. */ if (n < 17 || buffer[n-1] != '\n' - || memcmp (buffer, "%Assuan%\nsocket=", 16)) + || memcmp (buffer, "%Assuan%\nsocket=", 16) + || buffer[16] == '\n') { gpg_err_set_errno (EINVAL); return NULL; @@ -333,6 +338,8 @@ eval_redirection (const char *fname, int *r_redirect) } p = pend; } + else if (*p == '\n') + break; /* Be nice and stop at the first LF. */ else if (n < sizeof addr->sun_path - 1) addr->sun_path[n++] = *p; else ----------------------------------------------------------------------- Summary of changes: src/assuan-socket.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 28 21:34:34 2014 
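Review bot: The added `buffer[16] == '\n'` test in the first hunk rejects only a name that is literally empty. A name made up solely of `${VAR}` references that are unset or empty still leaves `n == 0`, because the expansion loop copies nothing when `getenv` returns NULL, and the function then returns an address with an empty `sun_path`. A check placed after the copy loop covers both cases: when `n` is zero, free `addr`, set `EINVAL` and return NULL, as the other error paths in the function do. The end of that loop is outside this hunk, so the placement needs confirming against the full file.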
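Review bot: The new `else if (*p == '\n') break;` branch in the second hunk looks only at bytes taken from the redirection file. Bytes substituted from the environment are copied by the inner `for (; *s; s++)` loop of the `${...}` branch, which has no such test, so a variable whose value contains a LF still ends up in `sun_path`. If the aim given in the commit message is meant to hold for the final name, that inner loop should reject the byte as well, e.g. `if (*s == '\n') { free (addr); gpg_err_set_errno (EINVAL); return NULL; }`. The inner loop is not part of this hunk; it is shown in the commit that introduced eval_redirection.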
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 28 Nov 2014 21:34:34 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-51-ge1f515b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e1f515b19c7f63b6d0b0253319b9fc41dabed657 (commit) from e59b1cc7471dd161a627b290c645ef7bd0d9d42c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e1f515b19c7f63b6d0b0253319b9fc41dabed657 Author: Werner Koch Date: Fri Nov 28 21:34:35 2014 +0100 agent: Implement socket redirection. * agent/gpg-agent.c (ENAMETOOLONG): New. (redir_socket_name, redir_socket_name_extra) (redir_socket_name_ssh): New. (remove_socket): Take care of the redir names. (main): Pass the redir names to create_server_socket. (create_socket_name): Remove length check - that is anyway done later. (create_server_socket): Add arg r_redir_name and implement redirection if Libassuan is at least 2.14. diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index e001ad1..3ad2c1d 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -129,6 +129,10 @@ enum cmd_and_opt_values }; +#ifndef ENAMETOOLONG +# define ENAMETOOLONG EINVAL +#endif + static ARGPARSE_OPTS opts[] = { 
@@ -279,14 +283,19 @@ static int disable_check_own_socket; /* It is possible that we are currently running under setuid permissions */ static int maybe_setuid = 1; -/* Name of the communication socket used for native gpg-agent requests. */ +/* Name of the communication socket used for native gpg-agent + requests. The second variable is either NULL or a malloced string + with the real socket name in case it has been redirected. */ static char *socket_name; +static char *redir_socket_name; /* Name of the optional extra socket used for native gpg-agent requests. */ static char *socket_name_extra; +static char *redir_socket_name_extra; /* Name of the communication socket used for ssh-agent-emulation. */ static char *socket_name_ssh; +static char *redir_socket_name_ssh; /* We need to keep track of the server's nonces (these are dummies for POSIX systems). */ @@ -328,6 +337,7 @@ static int active_connections; static char *create_socket_name (char *standard_name, int with_homedir); static gnupg_fd_t create_server_socket (char *name, int primary, + char **r_redir_name, assuan_sock_nonce_t *nonce); static void create_directories (void); @@ -472,14 +482,18 @@ set_debug (void) } -/* Helper for cleanup to remove one socket with NAME. */ +/* Helper for cleanup to remove one socket with NAME. REDIR_NAME is + the corresponding real name if the socket has been redirected. */ static void -remove_socket (char *name) +remove_socket (char *name, char *redir_name) { if (name && *name) { char *p; + if (redir_name) + name = redir_name; + gnupg_remove (name); p = strrchr (name, '/'); if (p) @@ -504,10 +518,10 @@ cleanup (void) return; done = 1; deinitialize_module_cache (); - remove_socket (socket_name); + remove_socket (socket_name, redir_socket_name); if (opt.extra_socket > 1) - remove_socket (socket_name_extra); - remove_socket (socket_name_ssh); + remove_socket (socket_name_extra, redir_socket_name_extra); + remove_socket (socket_name_ssh, redir_socket_name_ssh); } 
@@ -1098,20 +1112,24 @@ main (int argc, char **argv ) /* Create the sockets. */ socket_name = create_socket_name (GPG_AGENT_SOCK_NAME, 1); - fd = create_server_socket (socket_name, 1, &socket_nonce); + fd = create_server_socket (socket_name, 1, + &redir_socket_name, &socket_nonce); if (opt.extra_socket) { socket_name_extra = create_socket_name (socket_name_extra, 0); opt.extra_socket = 2; /* Indicate that it has been malloced. */ fd_extra = create_server_socket (socket_name_extra, 0, + &redir_socket_name_extra, &socket_nonce_extra); } if (opt.ssh_support) { socket_name_ssh = create_socket_name (GPG_AGENT_SSH_SOCK_NAME, 1); - fd_ssh = create_server_socket (socket_name_ssh, 0, &socket_nonce_ssh); + fd_ssh = create_server_socket (socket_name_ssh, 0, + &redir_socket_name_ssh, + &socket_nonce_ssh); } /* If we are going to exec a program in the parent, we record @@ -1499,11 +1517,6 @@ create_socket_name (char *standard_name, int with_homedir) log_error (("'%s' are not allowed in the socket name\n"), PATHSEP_S); agent_exit (2); } - if (strlen (name) + 1 >= DIMof (struct sockaddr_un, sun_path) ) - { - log_error (_("name of socket too long\n")); - agent_exit (2); - } return name; } 
@@ -1512,33 +1525,69 @@ create_socket_name (char *standard_name, int with_homedir) /* Create a Unix domain socket with NAME. Returns the file descriptor or terminates the process in case of an error. Note that this function needs to be used for the regular socket first (indicated - by PRIMARY) and only then for the extra and the ssh sockets. */ + by PRIMARY) and only then for the extra and the ssh sockets. if + the soecket has been redirected the name of the real socket is + stored as a malloced string at R_REDIR_NAME. */ static gnupg_fd_t -create_server_socket (char *name, int primary, assuan_sock_nonce_t *nonce) +create_server_socket (char *name, int primary, + char **r_redir_name, assuan_sock_nonce_t *nonce) { - struct sockaddr_un *serv_addr; + struct sockaddr *addr; + struct sockaddr_un *unaddr; socklen_t len; gnupg_fd_t fd; int rc; + xfree (*r_redir_name); + *r_redir_name = NULL; + fd = assuan_sock_new (AF_UNIX, SOCK_STREAM, 0); if (fd == ASSUAN_INVALID_FD) { log_error (_("can't create socket: %s\n"), strerror (errno)); + *name = 0; /* Inhibit removal of the socket by cleanup(). */ agent_exit (2); } - serv_addr = xmalloc (sizeof (*serv_addr)); - memset (serv_addr, 0, sizeof *serv_addr); - serv_addr->sun_family = AF_UNIX; - if (strlen (name) + 1 >= sizeof (serv_addr->sun_path)) + unaddr = xmalloc (sizeof *unaddr); + addr = (struct sockaddr*)unaddr; + +#if ASSUAN_VERSION_NUMBER >= 0x020104 /* >= 2.1.4 */ + { + int redirected; + + if (assuan_sock_set_sockaddr_un (name, addr, &redirected)) + { + if (errno == ENAMETOOLONG) + log_error (_("socket name '%s' is too long\n"), name); + else + log_error ("error preparing socket '%s': %s\n", + name, gpg_strerror (gpg_error_from_syserror ())); + *name = 0; /* Inhibit removal of the socket by cleanup(). 
*/ + agent_exit (2); + } + if (redirected) + { + *r_redir_name = xstrdup (unaddr->sun_path); + if (opt.verbose) + log_info ("redirecting socket '%s' to '%s'\n", name, *r_redir_name); + } + } +#else /* Assuan < 2.1.4 */ + redirected = 0; + memset (unaddr, 0, sizeof *unaddr); + unaddr->sun_family = AF_UNIX; + if (strlen (name) + 1 >= sizeof (unaddr->sun_path)) { log_error (_("socket name '%s' is too long\n"), name); + *name = 0; /* Inhibit removal of the socket by cleanup(). */ agent_exit (2); } - strcpy (serv_addr->sun_path, name); - len = SUN_LEN (serv_addr); - rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len); + strcpy (unaddr->sun_path, name); +#endif /* Assuan < 2.1.4 */ + + len = SUN_LEN (unaddr); + rc = assuan_sock_bind (fd, addr, len); /* Our error code mapping on W32CE returns EEXIST thus we also test for this. */ @@ -1549,14 +1598,13 @@ create_server_socket (char *name, int primary, assuan_sock_nonce_t *nonce) #endif )) { - /* Check whether a gpg-agent is already running. - We do this test only if this is not the ssh socket. - For ssh we assume that a test for gpg-agent has already been - done and reuse the requested ssh socket. Testing the - ssh-socket is not possible because at this point, though we - know the new Assuan socket, the Assuan server and thus the - ssh-agent server is not yet operational. This would lead to - a hang. */ + /* Check whether a gpg-agent is already running. We do this + test only if this is the primary socket. For secondary + sockets we assume that a test for gpg-agent has already been + done and reuse the requested socket. Testing the ssh-socket + is not possible because at this point, though we know the new + Assuan socket, the Assuan server and thus the ssh-agent + server is not yet operational; this would lead to a hang. */ if (primary && !check_for_running_agent (1)) { log_set_prefix (NULL, JNLIB_LOG_WITH_PREFIX); 
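Review bot: In the `#else /* Assuan < 2.1.4 */` branch of create_server_socket, the statement `redirected = 0;` uses a variable that is declared only inside the braces of the `#if ASSUAN_VERSION_NUMBER >= 0x020104` branch, so a build against an older libassuan will not compile. As far as the hunks show, the value is not read afterwards, so the line can simply be dropped; the earlier `*r_redir_name = NULL;` already records that nothing was redirected. The new comment sentence also has a typo; `If the socket has been redirected, the name of the real socket is stored as a malloced string at R_REDIR_NAME.` reads better. The function body continues past this hunk.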
@@ -1567,19 +1615,18 @@ create_server_socket (char *name, int primary, assuan_sock_nonce_t *nonce) assuan_sock_close (fd); agent_exit (2); } - gnupg_remove (name); - rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len); + gnupg_remove (unaddr->sun_path); + rc = assuan_sock_bind (fd, addr, len); } - if (rc != -1 - && (rc=assuan_sock_get_nonce ((struct sockaddr*)serv_addr, len, nonce))) + if (rc != -1 && (rc=assuan_sock_get_nonce (addr, len, nonce))) log_error (_("error getting nonce for the socket\n")); if (rc == -1) { /* We use gpg_strerror here because it allows us to get strings for some W32 socket error codes. */ log_error (_("error binding socket to '%s': %s\n"), - serv_addr->sun_path, - gpg_strerror (gpg_error_from_errno (errno))); + unaddr->sun_path, + gpg_strerror (gpg_error_from_syserror ())); assuan_sock_close (fd); *name = 0; /* Inhibit removal of the socket by cleanup(). */ @@ -1589,12 +1636,13 @@ create_server_socket (char *name, int primary, assuan_sock_nonce_t *nonce) if (listen (FD2INT(fd), 5 ) == -1) { log_error (_("listen() failed: %s\n"), strerror (errno)); + *name = 0; /* Inhibit removal of the socket by cleanup(). */ assuan_sock_close (fd); agent_exit (2); } if (opt.verbose) - log_info (_("listening on socket '%s'\n"), serv_addr->sun_path); + log_info (_("listening on socket '%s'\n"), unaddr->sun_path); return fd; } ----------------------------------------------------------------------- Summary of changes: agent/gpg-agent.c | 124 +++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 86 insertions(+), 38 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org
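Review bot: `gnupg_remove (unaddr->sun_path)` in the first hunk now unlinks the path produced by the redirection file, including any `${VAR}` expansion, where it previously unlinked the name built by create_socket_name. Nothing in the hunk checks that the existing object is a socket before it is removed, and for non-primary sockets no running-agent test precedes the removal. Where `stat` is available, a guard such as `if (!stat (unaddr->sun_path, &st) && !S_ISSOCK (st.st_mode))` that logs an error and exits instead of removing would keep a mistaken redirection target from deleting an unrelated file. The start of create_server_socket is outside this hunk.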